Obama as president

It’s going to be a busy week for President-elect Barack Obama. Here security and legal experts debate how the soon-to-be president can securely send e-mail from his PDA. Meanwhile, Obama nominated Julius Genachowski to chair the Federal Communications Commission. Pages 8 and 10.


see virtualization challenge

IP contact centers can benefit from virtualization as much as any other technology, but because of its real-time nature deploying virtual machines can be tricky. Page 15.


Cisco aims to ease 11n deployments

The new Aironet 1140 access point can deliver full 802.11n performance on an existing 802.3af Power-over-Ethernet infrastructure and gives legacy Wi-Fi clients a boost of speed. Page 16.


Introducing Apple's Tim Cook

Apple’s low-profile COO Tim Cook will be standing in for Steve Jobs while he takes a leave of absence because of his health. Who is Cook? Page 20.


Nortel’s fall took years to hit bottom

BY JIM DUFFY AND TIM GREENE

Nortel’s decline — punctuated by last week’s bankruptcy protection filings — started long before the accounting scandal of 2004 and the multimillion-dollar quarterly losses the company has piled up since.

Nortel began unraveling after failing to capitalize on the huge acquisitions it made in the late 1990s and early 2000s. It paid $15 billion for two companies — switch makers Bay Networks and Alteon WebSystems — in an effort to transform itself from a century-old voice telephony stalwart into an IP voice and data powerhouse. The acquisitions — $7 billion for Alteon alone, which at that time had annual revenue just shy of $200 million — came amid the dot-com bubble. Navigating that while trying to establish itself in new markets like IP routing, and LAN and Web switching did not allow the company to grow or take substantial share in those markets.

This inability, coupled with declining revenue in its legacy

See Nortel, page 11


Feds intensify efforts to secure 'Net routing

BY CAROLYN DUFFY MARSAN

The U.S. government is accelerating its efforts to secure the Internet’s routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications.

DHS says its routing security effort will prevent routing hijack attacks as well as accidental misconfigurations of routing data. The effort is nicknamed BGPSEC because it will secure the Internet’s core routing protocol known as Border Gateway Protocol (BGP). (A separate federal effort is underway to bolster another Internet protocol, DNS, and it is called DNSSEC.)

Douglas Maughan, program manager for cybersecurity R&D in the DHS Science and Technology Directorate, says his department’s spending on router security will rise from around $600,000 per year during the last three years to approximately $2.5 million per year starting in 2009.

“BGPSEC is going to take a couple of years to go through the process of development and prototypes and standardization,” Maughan says. “We’re really talking . . . four years out, if not longer, before we see deployment.”

Experts hailed the move, saying BGP is one of the Internet’s weakest links.

See BGP, page 14

“Every instance of routing hijacks . . . over the last several years are proof that [securing BGP] needs to be done.”

Douglas Maughan, DHS program manager for cybersecurity R&D
CLEAR CHOICE

High marks for Wi-Fi traffic analysis tools

AirMagnet and WildPackets offer robust suites for packet capture and analysis. Page 28

CAGE Technologies’ ad-hoc tool gets perfect score. Page 32

Go online to see a slideshow of the six WLAN management tools that we tested.

www.nwdocfinder.com/8344
■ Ooma’s Telo includes a cordless handset, mobile
adding as many as six other handsets.

GOODBADUGLY


Take that, zero-day attacks

Shutting down zero-day computer attacks could be carried out inexpensively by peer-to-peer software that shares information about anomalous behavior, say researchers at the University of California at Davis. The software would interact with personal firewalls and intrusion-detection systems to gather data about anomalous behavior.

U.S. falling behind in patents

Fifty-one percent of new patents issued by the U.S. Patent and Trademark Office were awarded to companies from outside the U.S., according to the IFI Patent Intelligence. That was a slight shift over the previous year in which patents were split 50-50 between U.S. and non-U.S. companies. On the bright side for the United States: IBM remained the top individual patent winner.

Phishing gets trickier

A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called “in-session phishing,” according to researchers at security vendor Trusteer. Here's how an attack would work: The bad guys would hack a legitimate Web site and plant HTML code that looks like a pop-up security-alert window. The pop-up then would ask the victim to enter password and logon information, and possibly answer other security questions used by banks to verify the identity of their customers.


A snapshot of how networkworld.com visitors voted on a key networking issue last week:

Thumbs up or down on Palm’s new Pre smartphone?

Thumbs down: iPhone rules. 13%

Thumbs up: BIG screen, sleek front, gestures, way cool.

Thumbs down: a Sprint Are you kidding?!

36%

It all depends on the prices, for the Pre, and the service plans. 19%

Thumbs up: the browser is yowzer. 18%

Total voters for this poll: 1,334

Vote and discuss: www.nwdocfinder.com/8325


PEERSAY

Editor's note: As you might expect, a post titled “Why Windows 7 will crush Linux" generated considerable discussion online. Here are some of the replies to Ron Barrett’s post. You can read all of them — and add your thoughts, at www.nwdocfinder.com/8321

More people will move away from Windows

Ubuntu Linux is free. It works very well. I run it at work and at home as a desktop operating system. I know many other people that run it, as well. I’ve run dozens of operating systems, but I admit I have yet to see Windows 7. To be honest, I wouldn’t want to waste my bandwidth downloading it. I've been burned by Microsoft for the past 18 years. I believe a less buggy more responsive version of Windows is still ... Windows. I hate the Windows desktop experience.

As alternatives like Mac OS X, Ubuntu and Android continue to mature, you will continue to see more people move away from Windows. I’m not claiming a mass exodus away from Windows, but I don’t foresee any reversal to the current trend. Sure, Linux has a small home computer market share, but it will continue to grow. Ubuntu and Android on inexpensive netbooks and phones will hoist up numbers to levels unprecedented in the past. I definitely don’t see Windows 7 crushing the Penguin.

John Fario

Forget Windows, give us the .Net stack

Barrett does not demonstrate any understanding of the FOSS movement, the software industry or Linux itself, nor does he support his claims with reason why Windows 7 will ‘crush’ the Linux platform. For instance, it’s a widely accepted prediction that the desktop and even the traditional boat anchor laptop as we know them are giving way to Web-enabled appliances and mobile devices, for which Linux is extremely well suited. In this area, Microsoft offers only its feeble Windows Mobile OS. This is the same exact thing we’ve seen huge, industry-leading companies like Microsoft do time and again; as the inflexible, bloated, un-agile Goliaths they’ve become, they forever see the state of the art as it was when they were in their heyday and they fail to embrace real technology trends in their products.

The operating system is being commoditized, because general-purpose computing is being increasingly done on the network. This is one of the largest reasons that Vista was not widely adopted. Vista had few problems in November 2006 that XP didn’t also share in October of 2001 (instability, resource hog and so on), but we need no longer have an OS-centric view of computing. The best way Microsoft can participate in the next generation computing community is with its .Net stack, not with Windows 7.

Steve Bulkley

Missing the big picture

Fact is that home computing is everywhere now. Microsoft has made some bad choices for a long time but I believe not to really hurt anyone but to make sure that their business stays profitable.

Microsoft not realizing has stepped on too many toes, and with an option out there called Linux, they have explored these options (forcefully) and have not regretted their decision.

I don’t want to get into the nitty gritty of why so many people, organizations and such attack Microsoft with viruses (and it’s not because Windows has flaws — if they put that much effort into finding Linux flaws they would probably have just as much), it’s because of Microsoft’s past business practices and popularity.

But realize too, that Microsoft has not negatively affected the home computing market in any direct way so it will keep that market as long as it does not mess up in any big way.

Microsoft will prevail and even possibly start getting back some of the percentage of desktops it has lost. I say this because I have tested Windows 7 and I definitely think it’s very good for the home computing market and I would even dare say for the corporate world too.

Joseph Fasulo

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 492 Old Connecticut Path, Framingham, MA 01701-9002. Please include phone number and address for verification.
BLOGOSPHERE

■ Video: Fire, flood won’t stop this hard drive. Keith Shaw writes in his Cool Tools Happy Blog: "My favorite video from CES last week was this one we did with the folks at ioSafe, which is selling a $150 external hard drive that is completely waterproof and fireproof. To showcase how practically indestructible this enclosure/system is, we submerged the unit into a pool, and then set it on fire. The video says it all." www.nwdocfinder.com/8326

■ Does Apple have anything to fear from the Palm Pre? Yoni Heisler writes in his iOnApple blog: “With CES behind us, one of the biggest surprises was the announcement of the Palm Pre, Palm’s latest entry in the smartphone market. Designed in part by Jon Rubenstein, a former Apple executive, the Palm Pre is a multi-touch screen phone with a pull-out QWERTY keyboard that some pundits think has the best chance of challenging Apple’s iPhone — but is there any truth to that statement? First of all, Palm has to be given a lot of credit for delivering, by all accounts, a sexy-looking phone that had a lot of people crowning it the best new product from CES." www.nwdocfinder.com/8327

■ Hyper-V management news: SCVMM’s cool new features. Glenn Weadock writes in his Windows Server 2008 blog: "One of the areas Microsoft says it has addressed in the new (still in beta as of this writing) R2 release of Server 2008 is virtualization, which in the Microsoft world now means Hyper-V. There are some performance improvements; for example, Microsoft indicates that TCP offload and jumbo frames support will improve virtual networking speeds in R2. And Live Migration is a big deal; I’ll write more about that soon. . . . But the big news in Hyper-V management isn't R2, it’s System Center Virtual Machine Manager 2008, which went gold in October ’08." www.nwdocfinder.com/8328

■ Testers give Cisco ASR 1000 the thumbs-up. The Cisco Subnet blog reports: “Cisco’s new ASR 1000 scored a high 4.38 points out of 5 in Network World’s exclusive test of the router. Tester David Newman remarked that the ASR ‘proved a capable performer when handling multicast and IPSec VPN traffic. And with a 40-core processor, the ASR has enough headroom to run firewalls, load balancers and other services without requiring additional hardware.’ Newman also noted that the product’s data-plane capacity still needed to grow and that Cisco has yet to roll out all ASR services.” www.nwdocfinder.com/8329


The fire- and flood-proof hard drive

ioSafe’s Solo USB hard drive will keep your precious data safe from fire and floods. Keith Shaw gets a hot demo to prove it.

www.nwdocfinder.com/8332

Screen cleaner! Refreshing drink!

Forget the harmful chemicals in your standard screen or glasses cleaner — Purosol does the job and quenches your thirst, as Keith finds out at CES 2009.

www.nwdocfinder.com/8333

Turbo-charging your inkjet printer

Memjet’s new ink-jet printing technology makes pages fly out of the printer.

www.nwdocfinder.com/8334
The IT mgmt hot list for 2009

Network management: The IT spending forecast continues to creep downward, but many industry watchers argue that despite the stall in spending, IT management initiatives will flourish in 2009. One research firm, Enterprise Management Associates (EMA), laid out what it considers the top IT management trends to watch for 2009.

EMA lists 12 areas it believes will find greater attention in 2009, but here I will explore a few that could gain popularity due to their multi-purpose appeal. To start, the firm, always an advocate of processes around managing configurations, expects to see configuration management databases (CMDB) evolve into federated systems that will encompass application discovery, provide better metrics and “closely link to related architectures like process automation.” One area that CMDBs could help enterprise IT with is instituting chargeback capabilities. By correlating CMDB data with information from asset, procurement and financial systems, IT managers might be able to better pinpoint the costs they expend delivering services to the business.
www.nwdocfinder.com/8322

Wireless: An iffy economy and conservative IT budgets have ushered in the new year. And as 2009 unfolds, wireless has pretty well established itself as the network connectivity medium of choice going forward. With these conditions in mind, where is it wise to invest and where can you hold off on spending? First, note that there are a lot of expensive legacy devices kicking around, particularly in retail and warehouse environments. Many of these devices have a 7- to 10-year life cycle, which means they might be around for several years. If you’re prioritizing where to spend your dollars, however, it’s a good idea to put replacement of really old wireless scanners and handsets at the top of the list. The reason is that many support substandard Wired Equivalent Privacy (WEP) encryption for security, which has suffered numerous headline-making breaches. Retailers should note that WEP is forbidden by the latest Payment Card Industry Data Security Standard (PCI DSS) in new deployments after March 2009. PCI 1.2, which was published in October, also requires that WEP be off wireless networks entirely by January 2010 (a year from now), and requires a minimum of Wi-Fi Protected Access security. If you’re upgrading anyway, though, spring for WPA2 if you can get it on the new devices.
www.nwdocfinder.com/8323
Forrester forecasts decline in global IT spending

Global spending on IT products and services will drop by 3% in 2009 to $1.66 trillion when measured in U.S. dollars, but subsequently rebound by 9% in 2010, according to a new Forrester Research study. The economic recession in the United States and other countries is the main reason for the 2009 decline, followed by the stronger dollar, according to the report. Some technology areas will do better than others. Software spending this year will remain flat over 2008, at $388 billion, while communications equipment, IT services and computer hardware expenditures will all see a drop, Forrester said. The forecast could be worse, according to analyst Andrew Bartels. “In this environment bad news can actually be good news if it’s not disastrously bad news,” he said. Bartels cited factors such as lower energy prices, an “unfreezing” of the commercial credit market and the prospect of a large stimulus package from the incoming Obama administration as reasons to believe the economy could turn around sooner rather than later.
www.nwdocfinder.com/8336


Microsoft tool lets old Windows applications run on Vista. Microsoft has released the first public beta of a tool that solves one of the chief complaints businesses have with Windows Vista: that older Windows applications aren’t compatible with the new operating system. The Microsoft Enterprise Desktop Virtualization tool lets users run legacy Windows applications, including those built for Windows 2000 and Windows XP, on Vista by using virtualization technology. “Our primary goal was to deliver an enterprise virtualization solution for the compatibility challenges that IT teams have with some of their line-of-business applications, during the upgrade to new operating systems (like Windows Vista),” said Ran Oelgiesser, a MED-V senior product manager, in a blog post. Microsoft acquired the MED-V technology when it closed its purchase of Kidaro last May. The final release of the software is expected later this year. www.nwdocfinder.com/8337

Google looking to push Apps to corporations. Google is building a reseller program for its online suite of enterprise applications as it seeks to push its productivity tools and software-as-a-service model deeper into corporate computing. The company said it has 50 resellers in a pilot program that will allow them to sell and support Google Apps Premier Edition with a host of corporate features such as directory synchronization and user provisioning. GAPE is the vendor’s $50 per user productivity suite that targets businesses, and has proven worthy in certain situations, most involving universities or small and midsize businesses looking to cut costs. The reseller program, which will formally open in March, is Google’s biggest move to court business users since July 2007, when it laid out $625 million for e-mail hygiene vendor Postini, which provided the compliance, archiving and e-mail protection GAPE lacked.

www.nwdocfinder.com/8338

Yahoo taps Bartz as CEO, Decker walks. Yahoo has chosen former Autodesk CEO Carol Bartz (shown here) as its next CEO to replace Jerry Yang, who announced his intention to step down in November. Yahoo also announced that President Sue Decker, who had been a candidate for the CEO position, has resigned and will leave the company after a transitional period. Gartner analyst Allen Weiner called Bartz “a very solid pick” who should be an “easy sell” to investors, partners, employees and advertising customers.
www.nwdocfinder.com/8339

Microsoft layoffs could come this week. Rumors of layoffs at Microsoft continue to swirl ahead of the company’s quarterly earnings report slated for Jan. 22. It is likely that Microsoft would make any layoff announcement during or before the earnings call, so financial analysts can adjust their forecasts. Expectations are that if the company does lay off staff, the cuts will be far less than the 15,000 number that has been floated by some news outlets. With 94,286 employees worldwide, a cut that size would represent nearly 16% of Microsoft’s workforce. Since its inception in 1975, Microsoft has not had a single layoff even close to that number. Meanwhile, Wall Street analysts are expecting revenue growth of about 5%, according to reports. That percentage tracks on the low end of guidance Microsoft issued in October for fiscal 2009 revenue growth, which it predicted will be in the “single digits to low double digits.” Microsoft’s financial year ends June 30, 2009.

www.nwdocfinder.com/8340

Is Apple opening iPhone to new browsers? Apple may be loosening restrictions that have so far blocked Web browsers other than its own Safari from the iPhone. Last week the company gave a green light to some new third-party Web browsing applications for the iPhone, according to a number of reports. The applications appeared on sites such as AppShopper, a Web site for iPhone and iPod Touch software, as well as Apple’s App Store. Some of them are free, others range in price from $1 to $2. But a closer look at the sometimes-sketchy information about these applications reveals they may be plug-ins or skins to enhance the default Web Safari browser. One example is Cooliris, which is clearly identified as a plug-in. There’s been no formal announcement by Apple, and the Apple PR staff has not responded to our request for comment. www.nwdocfinder.com/8342

Tech watchers feel economic pain. Tech industry stalwart Gartner has canceled its cornerstone Spring Symposium/ITxpo events in Las Vegas and Barcelona and reduced its workforce by 117 staff, illustrating that IT watchers aren’t immune to the economic turmoil the vendors and enterprise clients they serve are facing. “While a number of factors influenced this decision, the primary reason for the change is the current macro economic environment and its anticipated impact on attendee travel and overall event attendance,” a Gartner spokesman stated in an e-mail to Network World. Meanwhile, AMR Research is reportedly cutting its workforce by 10%. At Yankee Group, CEO Emily Green said in a blog post that the research firm is once again restructuring. Yankee Group also conducted a workforce reduction in August 2008.
www.nwdocfinder.com/8343

Intel’s net profit drops 90%. Intel’s fourth-quarter profit plunged 90% from a year earlier, as the chip maker battled a worsening economy and recorded a steep loss from investments. The company recorded net profit of $234 million for the quarter ended Dec. 27, compared with $2.27 billion in last year’s fourth quarter. The results included a loss of $1.1 billion from equity investments and interest, primarily caused by a billion-dollar reduction in the value of Intel’s investments in Clearwire. Intel’s bright spot this quarter was the sales of Atom chips for netbooks, small laptops designed for Web surfing and productivity applications. Revenue from Atom microprocessors and chipsets was up 50% sequentially to $300 million. Intel did not project revenue guidance for the first quarter of 2009, citing “economic uncertainty and limited visibility.” www.nwdocfinder.com/8341
How Obama could get his way with his BlackBerry

BY ELLEN MESSMER AND JOHN COX

Naysayers aside, President-elect Barack Obama appears determined to take office Tuesday with his BlackBerry — or at least some PDA — firmly in hand. Here’s how experts say he might pull it off — and what pitfalls he may be underestimating.

The Presidential Records Act requires retention of the bulk of documents generated by the president for public review at a later date, so any message Obama creates with his BlackBerry would have to be retained and stored, subject to scrutiny in the future. But the larger problem is that the BlackBerry is unlikely to get the nod as the presidential wireless handheld from the National Security Agency (NSA) or other federal entities with a traditional oversight role in top-secret communications security, according to experts.

“The most significant issue here is security,” says Randy Sabett, partner at Washington law firm Sonnenschein, Nath & Rosenthal LLP. “The No. 1 target of anyone anywhere in the world would be the email communications of the most powerful man in the world, the president of the United States.” Sabett, who has worked at the NSA, says that “nation-states, terrorist organizations and criminal gangs” could be expected to try to break into a president’s BlackBerry.

There is a version of the BlackBerry that uses AES-256 encryption, which has been approved by the Defense Department for sensitive communications. Research in Motion, maker of the BlackBerry, points to a number of government and third-party security certifications as evidence that its key-management system is secure.

A November 2008 certification by the Fraunhofer Institute for Secure Information Technology in Germany, for example, gave a positive evaluation to the BlackBerry’s use of cryptographic algorithms and life-cycle management of shared secrets or keys and passwords.

But for top-secret communications, the NSA has a history of turning to select manufacturers for custom-designed equipment. These include the high-security STU-III phones or the more recent Secure Mobile Environment/Portable Electronic Device (SME/PED) program under which General Dynamics built the Sectera Edge smartphone and PDA.

ONLINE: Chatting about a new administration

Bloggers from Computerworld and Network World talk about their hopes for the Obama administration and the IT industry.

www.nwdocfinder.com/8335

This  Sectera  is  compliant  with  what’s 
called  the  Secure  Communications 
Interoperability  Protocol  and  the  High 
Assurance  Internet  Protocol  Encryptor 
Interoperability  Specification  for  secure 
interoperability  with  in-line  encryption 
devices  used  on  the  government’s  Secure 
Internet  Router  Network  (SIPRnet). 

L-3  Communications  has  also  built  an  SME 
PED-style  PDA  called  the  Guardian,  which  is 
undergoing  certification. 

But  use  of  any  PDA  smartphone  remains 
problematic  for  a  president. 

Smartphones are programmable devices and “local devices are increasingly vulnerable to attacks by injecting hostile software onto the device,” says Phil Zimmermann, a fellow at the Stanford Law School’s Center for Internet and Society and creator in 1991 of Pretty Good Privacy (PGP), the public-key encryption and authentication system.

“If that code can gain control of the device, it could take such actions as activate the microphone, record his conversations and then transmit them somewhere,” Zimmermann says. “You’re being ratted out by the device in your pocket.” Potentially the device could even “rat out” your location, he adds, because many smartphones provide highly accurate GPS capabilities.

While  a  simple  BlackBerry  for  the  president 
may  not  get  the  thumbs-up  from  the  NSA, 
Obama  should  not  necessarily  consider  this 
the  final  word,  says  security  expert  Bruce 
Schneier. 

“Look, he can decide to paint the White House blue if he wants,” Schneier says. “The Internet is the greatest generation gap since rock and roll. ... The NSA will tell you the risks, but they will never say here’s what the benefits are.” Obama might be so productive and effective with a BlackBerry or other PDA, it would outweigh the risks.

But Schneier also acknowledges the risk of hacking the presidential PDA is high and, in any event, it is not possible to have absolute certainty that e-mail actually came from Obama.

“No  encryption  program  solves  that,” 
Schneier  says. 

Gartner analyst John Pescatore, whose background includes working with the Secret Service, says NSA-approved devices like Sectera would be secure enough for use in a closed system, but the problem is switching to

See  Obama,  page  10 


InBrief 

Microsoft  brings  fault  tolerant 
technology  to  Windows 

Microsoft and Marathon Technologies unveiled a partnership and a joint development agreement to bring fault tolerant options to companies running Windows Server 2008 and Hyper-V. Microsoft is moving to create a more highly available Windows environment by offering a selection of options to protect business-critical applications. Marathon, which offers a fault tolerant platform called everRun, will offer support for Windows Server 2008 before the end of June and for a version of Hyper-V that will ship in a future edition of Windows Server. Windows Server 2008 already includes failover clustering, but Marathon adds a level of fault tolerance that includes options for minimal downtime or none at all. Marathon and Microsoft officials said integration with System Center management tools also are in development.

Verizon  snares  $108M  NASA 
teleconferencing  contract 

Verizon Business has signed a new contract to provide teleconferencing services to government space agency NASA that could be worth more than $100 million. Under the terms of the contract, Verizon is due to provide NASA with audio, video and Web conferencing services up through 2017.

Although Verizon has provided NASA with all of its teleconferencing services since 2001, the new contract states that the carrier must now also provide high-definition IP video conferencing that will serve as an upgrade to NASA’s current video conferencing system.

IT vendors fund learning-assessment project

Cisco, Intel and Microsoft are investing in a research project aimed at assessing education methods globally to improve learning. Through the project, researchers will test classroom practices and teaching methods to ensure they are effective for teaching children what project leaders consider to be 21st-century skills, including engagement with the latest technology and the ability to develop skills as technology evolves. The companies are not disclosing publicly how much money they are investing in the project. However, all three have made significant investments in education research over the years. Microsoft currently funds a project called Partners in Learning, in which it has pledged a $500 million investment over a 10-year period.
What FCC change means for telecom

From  universal  broadband  to  ’Net  neutrality,  Genachowski  will  be  busy 


BY  BRAD  REED 

Now that Julius Genachowski has been selected by President-elect Barack Obama to chair the Federal Communications Commission, he can expect to be a very busy man over the next four years.

Once Genachowski officially takes over the FCC later this month, he will have to deal with immediate challenges, such as the impending transition from analog to DTV, as well as longer-term goals, such as deciding whether to impose ’Net neutrality rules and bringing broadband to underserved regions. As if that wasn’t enough, Nemertes Research analyst


Obama 

continued  from  page  8 

unclassified  mode  to  use  the  Internet. 

“Internet  e-mail  is  totally  unacceptable  for  a 
president  to  use,”  Pescatore  says.  “There  is  no 
strong  authentication  —  how  can  anyone 
prove  an  e-mail  came  from  the  president? 
There  is  no  integrity  —  how  can  anyone  prove 
the  content  wasn’t  changed?” 

Use of something like the PGP public-key infrastructure could help the president communicate with others in a larger closed system, Pescatore says, “But that doesn’t stop anyone from forwarding an e-mail from him outside that closed loop.”

Pescatore says he would also be concerned that any wireless device might act as a radio-frequency beacon to reveal the president’s location.

The other challenge — the legal requirement under the Presidential Records Act that a president store all documents in order to make them available to the public in the future — is


and Network World columnist Johna Till Johnson says the decisions Genachowski and the FCC make over the next four years could very well decide “the fate of the Internet.”

Before diving into the specific issues on the FCC’s plate, it’s useful to have some basic background information about its incoming chairman. Genachowski previously worked at the FCC as the chief counsel to former FCC chairman Reed Hundt, and was a senior executive at the IAC/InterActiveCorp e-commerce company as well as a member of the boards of directors for such Internet companies as Expedia and Hotels.com. During the 2008


also a factor Obama and his team must consider.

Most legal experts and scholars say there’s nothing in the Presidential Records Act to prevent use of e-mail.

“What it does do,” says Dickinson College political-science professor Andrew Rudalevige, “is make every presidential e-mail a public record and thus something — unless classified for other reasons, such as national security — will be released via the presidential library system.”

Records are typically deemed “open” 12 years after the president leaves office, but can be opened by presidential consent, by the Freedom of Information Act or subpoena before then, he adds.

However, current law doesn’t require presidential phone calls to be recorded, though they have to be logged.

So, between the Presidential Records Act and the threat of PDA hacking, presidents have some good reasons to avoid e-mail, Rudalevige notes.


presidential election, he served as chairman of the Obama campaign’s Technology, Media and Telecommunications policy working group, and he is a leader on the Obama transition team’s policy working group on technology innovation and government reform. Obama and Genachowski have known each other since the early 1990s, when the two men worked at the Harvard Law Review while students at Harvard Law School.

Although Genachowski’s background is more in law than in technology, Johnson is cautiously optimistic because he seems to have a good grasp of the big-picture issues facing the telecommunications industry, she says.

“One of the things I liked about Genachowski is that when he was working for the Obama campaign, he accurately articulated the biggest problem facing the United States from a technology standpoint, which is the underinvestment in technological research at the educational and university level,” Johnson says. “We’re still living off the proceeds of the research and development investments we made in the ’60s and ’70s.”

The  issues  at  stake 

Genachowski’s most immediate challenge will be to oversee a successful transition from the old analog-television broadcasting system to the new digital system that is officially due to occur on Feb. 17. So far, President-elect Obama has called on Congress to delay the switch in order to give U.S. consumers more time to educate themselves about the transition and to learn about the equipment they need to buy to receive digital signals on their analog televisions. Outgoing FCC Chairman Kevin Martin, however, has said it would be a mistake to delay the DTV transition, and instead has proposed extending the deadline for consumers to purchase discounted digital converter boxes through the government’s converter-box coupon program. No matter whether Congress decides to extend the DTV deadline, the switch is certain to consume the first few months of the FCC’s time as the commission works to figure out how many Americans are still in the dark about purchasing a converter box.

After this, the FCC probably will turn its attention to two topics that have generated a lot of headlines in recent years: ’Net neutrality and universal broadband. ’Net neutrality is the principle that ISPs should not be allowed to block or degrade Internet traffic from their competitors to speed up their own. Several consumers’ rights groups, as well as such large Internet companies as Google and eBay, have led the charge to get Congress to pass laws

See  Fee,  page  34 


How  to  build  a  presidential  PDA 

Experts  say  these  issues  have  to  be  addressed: 


• Presidential Records Act requires documents be stored; subject to Freedom of Information Act and subpoena laws.

• Classified communications with PDA, whether voice or e-mail, expected to occur with an NSA-approved wireless handheld device for top-secret use.

• Commercial-grade public-key infrastructure (PKI) encryption software could allow fairly secure e-mail communications within closed group.

• Risk factors include unwanted disclosure of presidential e-mail, tampering and inability to absolutely identify the president as sender.
continued from page 1

voice business and the accounting scandal, steered Nortel irrevocably off-course this decade even as IP leader Cisco deftly managed and made the most of its multibillion dollar acquisitions. A deep-rooted complacency at Nortel didn’t help matters, either.

“As an incumbent telco equipment maker, Nortel was way too slow to embrace the reality of the change in the market they served,” says Thomas Nolle, president of consultancy CIMI Corp. “They should have been the No. 1 provider of routers to telcos. Hubris ... prevented them from strategically absorbing Bay even though they financially absorbed them.” (Dell’Oro lumps Nortel — with its 4% share of the $2.2 billion market in the third quarter, well behind leaders Cisco and Juniper — into the “other” category in the telco router market.)

Nortel  plodded  along  for  years  with  stagnant 
or  declining  growth  in  IP  routing  and  Layers  2, 
3  and  4-to-7  switching,  taking  just  a  3.8%  share 
of  the  $18  billion  market  in  2007.  Meanwhile, 
the  fraud  forced  the  company  to  restate  years 
of  financial  results,  a  situation  inherited  by 
CEO  Mike  Zafirovski  when  he  took  Nortel’s 
reins  in  2005. 

Zafirovski’s efforts to restructure Nortel, however, and get it back on track — by focusing on 4G wireless, unified communications for enterprises, Carrier Ethernet and services — have been largely fruitless, and the culmination was last week’s bankruptcy protection filings. Two days before the filing, Nortel unveiled a new line of stackable Gigabit Ethernet switches.

Some  watchers  believe  Nortel’s  assets  in  its 
Carrier  Ethernet  Solutions  and  Metro  Ethernet 

See  Nortel,  page  12 


Microsoft-Nortel  relationship 
again  under  microscope 


Nortel’s bankruptcy filing could force it into restructuring, and that could influence many of its noted partnerships, such as a unified communications deal with Microsoft.

In November, the two companies said the four-year Innovative Communications Alliance (ICA) formed in 2006 was solid and intact. ICA is a plan to jointly develop, sell and roll out unified communications and VoIP technology to corporate customers.

November’s assurances came after Nortel had announced a $3.4 billion loss. With last week’s filing for Chapter 11, the longevity of the deal is called into question again.

“Bankruptcy does not mean going out of business, but Nortel is fighting for its life,” says Yankee Group analyst Zeus Kerravala. “If I am Microsoft and I want to get Nortel to invest in creating a new product, is that still a viable option?”

Nortel’s largest installed base is its VoIP customers, Kerravala says. The vendor’s competitors will jump at the chance to steal those accounts, he predicts. “The faster Nortel can touch those customers and help them understand where investments will be, the better it will be for Nortel. The next 90 days are critical,” he adds.

How Nortel reacts could dictate how its partnership with Microsoft evolves.

Microsoft has said it is waiting for more information before it can evaluate the fallout. “All ICA offerings are currently available to customers, and no changes are planned at this time,” a spokesperson said via e-mail.

The ICA deal is set to expire in 2010 and may do just that before Nortel can emerge from bankruptcy. Or the bankruptcy could turn everything upside down, depending on the actions a bankruptcy court forces upon Nortel.

In a letter to “Friends of Nortel,” Nortel CEO Mike Zafirovski said filing for bankruptcy protection will allow the company to reorganize and undertake a comprehensive business and financial restructuring. The company said it will continue its day-to-day business as usual.

Zafirovski also said he hopes that as part of the bankruptcy the company would “... narrow our strategic focus in an effective and timely manner.”

If that is indeed the case, Nortel is likely to salvage what it can of the Microsoft relationship because it provides an entry into unified communications.

When Nortel signed the deal with Microsoft, Zafirovski said it was an opportunity to create $1 billion in revenue; two years later, however, Nortel was reporting a $3.4 million loss, and company officials were unwilling to discuss the Microsoft partnership in terms of earnings.

Nortel’s challenge is to prove not only that it will be around long term, but also that it can complement the Microsoft platform and be a strategic partner, Kerravala told Network World in November. That challenge gets tougher with the company in bankruptcy.

—  JOHN  FONTANA 
operations, which went on the block in September, will be sold off and its share in key markets will be dispersed among competitors. Others say Nortel may emerge focused solely on the enterprise and services, taking advantage of its strength in VoIP and its alliance with Microsoft for unified communications.

The unified communications market for the third quarter of 2008 was $3.1 billion, according to Dell’Oro. Avaya led the pack with 22% of that market followed by Cisco with 18%, then Nortel with 11%.

Nortel  also  is  third  behind  Avaya  and 
Siemens  in  its  share  of  the  $4.8  billion  market 
for  hybrid  IP-TDM  PBXs  in  2007,  according  to 
Dell’Oro.  The  company  is  gaining  share  in 
enterprise  voice  applications. 

Whatever the future holds, however, last week’s filing was an attempt to put the brakes on the company’s financial free fall. A year ago, Nortel had a net profit of $27 million in the third quarter, but the company posted a net loss of $3.4 million in the third quarter that ended Sept. 30, 2008. In that time, its revenue dropped 14%.

The company’s market value, which peaked at $250 billion in 2000, now is close to 0.1% of that, at $275 million. Sales of Nortel stock were halted last week on the New York Stock Exchange, with its price at Wednesday’s closing at just 32 cents per share. The company is under a NYSE warning that it will be delisted in six months if the price doesn’t rise above $1.

Legal filings to protect the company from its creditors came one day before it had to make a $107 million bond payment. The company says the bankruptcy filings indicate that turning things around in this economic environment will take measures even more drastic than the $400 million cost-cutting campaign it outlined in November that called for selling its Metro Ethernet division, laying off 1,300 employees and shuttering facilities. So far, Nortel has been unable to find a buyer for the Metro Ethernet division.

“I am convinced that by choosing this path at this time, we can put Nortel on sound financial footing once and for all.”

Mike Zafirovski

President and CEO, Nortel

Filing for Chapter 11 bankruptcy protection in the United States will allow the company to reorganize and undertake a comprehensive business and financial restructuring, Zafirovski says. “I believe these are the right steps toward a solution for our company,” he said in a public letter addressed to “Friends of Nortel.” Despite its financial troubles, the company will continue its day-to-day business as usual, it said in a press release. “I am convinced that by choosing this path at this time, we can put Nortel on sound financial footing once and for all.”

But filing for bankruptcy protection — which can result in creditors receiving less than they are owed — could influence decisions by suppliers and distributors about how to conduct business with the company. Already such competitors as Enterasys Networks, Extreme Networks and Juniper are swooping in to woo customers and channel partners.


Enterasys says it is offering Nortel and other competitors’ customers a 100% credit on their equipment. HP ProCurve has no Nortel-specific enticement; rather, customers and resellers are coming to them, says Vice President and General Manager Karl Soderlund.

Some customers are remaining steadfast in their support of Nortel, at least for the short term. The International Nortel Networks Users Association (INNUA) issued a statement saying it backed Nortel’s decision and believes it will result in a stronger enterprise focus.

Still, it was a sobering event. “We’ve all read the media on what’s been going on but it’s always surprising, even when you anticipate that something’s coming, that it actually does happen,” INNUA president Steve Ford said. “But they’ll emerge from this doing fine,” he added, citing a discussion he just had with Nortel Enterprise Solutions President Joel Hackney.

The company does have $2.4 billion in cash with which to weather the storm. What it will look like after Chapter 11, however, is now ripe for speculation. Bankruptcy courts could order the sell-off of other Nortel divisions. These include an enterprise division that includes network infrastructure, VoIP gear and contact-center gear, and its core telecom division that sells to carriers.


Nortel  woes  started  in  glory  days 


Nortel  went  on  a  tech-boom  spending  spree,  then  got  mired  in  an  accounting-fraud  scandal  that  contributed  to 
a  downward  spiral. 


[Timeline graphic not reproduced. Surviving labels: Accounting scandal; Nortel strategies: reviewed frequently; Nortel files for bankruptcy.]
BGP

continued  from  page  1 

“The reason BGP problems are so serious is that they attack the Internet infrastructure, rather than particular hosts. This is why it is a DHS-type of problem,” says Steve Bellovin, a professor of computer science at Columbia University who has worked with DHS on routing security.

BGP is “one of the largest threats on the Internet. It’s incredible — the insecurity of the routing system,” says Danny McPherson, CSO at Arbor Networks. “Over the last 15 years, the security of the Internet routing system has done nothing but deteriorate.” He says routing security has been a chicken-and-egg problem for the Internet engineering community.

“There  doesn’t  exist  a  formally  verifiable 
source  for  who  owns  what  address  space  on 
the  Internet,  and  absent  that  you  can’t  really 
validate  the  routing  system,”  McPherson  says. 

DHS hopes to develop ways to authenticate IP address allocations and router announcements about how to reach blocks of IP addresses.

“The hijacking attempts that have gone on with routing are more nefarious than the ones in the DNS,” says Mark Kosters, CTO of the American Registry for Internet Numbers (ARIN). “People don’t realize how open for attack the BGP structure is. The DHS effort is trying to close that all up.”

The U.S. federal government first discussed the vulnerability of the Internet’s routing system in its “National Strategy to Secure Cyberspace,” which was issued in 2003. The Presidential directive identified two Internet protocols — BGP and DNS — that require modifications to make them more secure and robust.

Since  then,  the  feds  have  made  progress  on 
adding  authentication  to  DNS.  Last  fall,  the  U.S. 
federal  government  announced  that  it  would 
adopt  DNS  security  extensions  known  as 
DNSSEC  across  its  .gov  domain  by  the  end  of 
2009.  The  feds  also  are  exploring  ways  to 
deploy  DNSSEC  on  the  DNS  root  servers. 

The federal push for DNSSEC gained momentum last summer after a significant DNS vulnerability was discovered. Security researcher Dan Kaminsky discovered a DNS bug that allows for cache poisoning attacks, with which a hacker redirects traffic from a legitimate Web site to a fake one without the user knowing.

DNSSEC prevents hackers from hijacking Web traffic by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

Now the feds are looking to add digital signatures and a public-key infrastructure (PKI) to routing information, which is vulnerable to attack when it is shared between numbering registries, ISPs and enterprises.

New  BGP  security  measures  would  prevent 
incidents  such  as  when  Pakistan  Telecom 
blocked  YouTube’s  traffic  in  February  2008. 


Open  source  BGP  tools 


The U.S. Department of Homeland Security is funding the following projects in developing open source tools aimed at securing the Internet’s Border Gateway Protocol.

• Packet Clearing House, which has developed a tool called the Prefix Sanity Checker.

• The University of Oregon’s Route Views Project, which provides a real-time view of Internet routing for network operators.

• Prefix Hijack Alert System, which is under development by Colorado State as a routing data-analysis tool for network operators.

• Open Source Relying Party Resource Public Key Infrastructure software developed by BBN.


Bellovin says most famous router-security breaches were accidents.

“More of them, though, are malicious,” Bellovin adds. “Every few weeks, there will be a posting to [the North American Network Operators Group] about some prefix hijacking.”

DHS to fund multiple efforts

DHS is funding two key initiatives related to enhancing routing security: Resource Public Key Infrastructure (RPKI), which adds authentication to the delegation of IP address blocks by the registries to ISPs and enterprises; and BGPSEC, which adds digital signatures to BGP announcements. (Maughan says he’s modeling the BGPSEC initiative after the agency’s DNSSEC effort, which has involved the National Institute of Standards and Technology and the IETF.)

With  RPKI,  the  regional  Internet  registries 
are  putting  together  a  PKI  to  authorize  IP 
address  delegations  from  the  Internet 
Assigned  Numbers  Authority  to  the  five 
regional  Internet  registries,  including  ARIN. 
Then  the  registries  would  authenticate  the 
assignment  of  IP  addresses  and  IP  routing 
prefixes  known  as  autonomous  systems  that 
are  used  by  network  operators. 

“The idea here is that you’d like the delegation of address space to be secure or signed so it is not forge-able,” Maughan says, adding that the RPKI initiative deals with the administrative side of IP address delegation. “The reason that’s important is that when you start to do the routing protocol [security], you want the registry or registrar or ISP to be able within the protocol to authenticate that the address space they’re claiming to have is theirs.”

APNIC, the Asia Pacific registry, and the European registry RIPE NCC are running RPKI prototypes. ARIN plans to offer a beta RPKI service in the second quarter, Kosters says. Production-quality RPKI deployment is “still a couple of years out,” Kosters adds.

The next step is securing BGP so that routing announcements are authorized. BGP maintains a table of IP routing prefixes that shows how blocks of IP addresses can be reached. Today there is no way in BGP to tell whether a route announcement is real or spoofed.

BGP is used by ISPs as well as enterprises that multihome their networks, which involves using more than one carrier for continuity of operations. At issue is how to add digital signatures to BGP so that ISPs and enterprises can authenticate BGP updates and prevent man-in-the-middle attacks that allow someone to redirect BGP traffic.

“Every  instance  of  routing  hijacks  that  have 
happened  over  the  last  several  years  are 
proof  that  [securing  BGP]  needs  to  be  done,” 
Maughan  says.  “The  way  that  the  bad  guys 
can  do  this  is  essentially  advertise  that  they 
own  the  address  space,  and  if  people  have 
no  way  to  prove  otherwise,  then  the  protocol 
supports  the  hijack.” 
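
The check Maughan describes, proving whether an announcer is entitled to the address space it advertises, can be sketched as origin validation against delegation records. This is an added example, not code from the article or from any project it names; the record shape (prefix, maximum length, origin AS) follows what was later standardized for RPKI origin validation, the records are assumed to have had their signatures verified already, and every prefix and AS number below is a constructed sample.

```python
"""Origin validation of BGP announcements against address delegations.

Added illustration. The delegation records and announcements are
constructed samples using documentation prefixes and AS numbers.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Authorization:
    """A verified delegation: origin_as may announce prefix, and
    more-specific routes inside it down to max_length bits."""
    prefix: str
    max_length: int
    origin_as: int

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def validate_origin(announced_prefix, origin_as, authorizations):
    """Return 'valid', 'invalid' or 'not-found' for one announcement.

    valid     - some record covers the route, names this origin AS and
                allows this prefix length
    invalid   - at least one record covers the route, but none matches
                (wrong origin AS, or route more specific than allowed)
    not-found - no record covers the route, so nothing can be proved
    """
    route = ipaddress.ip_network(announced_prefix)
    covered = False
    for auth in authorizations:
        net = auth.network
        # subnet_of() raises TypeError across IPv4/IPv6, so skip mismatches.
        if net.version != route.version:
            continue
        if not route.subnet_of(net):
            continue
        covered = True
        if auth.origin_as == origin_as and route.prefixlen <= auth.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


# Constructed delegation records (assumed already signature-checked).
AUTHORIZATIONS = [
    Authorization("192.0.2.0/24", 24, 64496),
    Authorization("2001:db8::/32", 48, 64497),
]

# Constructed announcements as (prefix, origin AS) pairs.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),       # the delegated holder
    ("192.0.2.0/24", 64511),       # another AS claiming the same block
    ("192.0.2.128/25", 64496),     # more specific than the record allows
    ("2001:db8:1::/48", 64497),    # within the allowed length
    ("2001:db8:1:2::/64", 64497),  # too specific
    ("198.51.100.0/24", 64500),    # no record covers this space
]


def classify_samples():
    """Validate every sample announcement; returns a list of states."""
    return [
        validate_origin(prefix, asn, AUTHORIZATIONS)
        for prefix, asn in SAMPLE_ANNOUNCEMENTS
    ]


if __name__ == "__main__":
    for (prefix, asn), state in zip(SAMPLE_ANNOUNCEMENTS, classify_samples()):
        print(f"{prefix:<20} AS{asn:<6} {state}")
```

A "not-found" result is the situation the quote describes: with no record covering the space, a receiver has no way to prove the claim false.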

The Internet engineering community needs to develop a standard for
securing BGP that involves as little cryptographic overhead as possible.
The two existing proposals — Secure BGP (S-BGP) by BBN’s Kent and Secure
Origin BGP (SoBGP) by Cisco — haven’t been deployed because they require
routers to manage too many layers of digital certificates, experts say.

Maughan says DHS plans to fund research related to S-BGP and SoBGP as well
as new standards work within the IETF.

“There hasn’t been any new work in BGP security in a few years,” Kent
says, adding that he hopes to receive some of the new DHS funding. “DHS is
attempting to reinitiate this work.”

A secure routing infrastructure will require enterprises to operate a
certificate authority function so that they can digitally sign and certify
that they own a particular IP address block and have the authority to
subdelegate it, outsource it or make some other decisions about how its
traffic is routed.

What securing BGP does is that “when somebody sends out an update that
they are now routing traffic for a particular autonomous system, you can
validate that because those BGP updates will be signed,” Maughan says.

Despite  the  federal  efforts,  some  experts  say 
the  Internet  engineering  community  needs  a 
massive  threat  akin  to  the  Kaminsky  DNS  bug 
before  it  will  take  action  to  secure  BGP  and  the 
rest  of  the  routing  infrastructure. 

“The real barrier to securing BGP is that we just haven’t had a serious
enough attack,” Maughan says. “If people start losing significant money
because there’s some type of attack on the routing infrastructure, you’ll
see a whole lot more interest.” ■
Virtualization a test for call centers

The  needs  of  real-time  applications  must  be  respected 


BY  TIM  GREENE 

IP contact centers can benefit from virtualization as much as any other
technology, but because of the real-time nature and need for reliability,
deploying virtual machines in this environment requires care in selection
of hardware, segmentation of applications and the use of replicating VMs
on the fly.

Contact-center elements such as voice, interactive voice response (IVR),
automated call distribution (ACD) and conference bridging require
near-real-time response, so VMs supporting them need enough dedicated
horsepower, says Patrick Conroy, CTO of contact-center software vendor
Callfinity, which also installs its products.

Designing the contact center requires dedicating CPU and memory to the
real-time applications that need them, Conroy says. VMs not running
real-time applications can share remaining resources without dire
consequences.

Contact centers also include less-time-sensitive business applications
that pop up on call agents’ PC screens to handle callers’ needs and that
can handle greater delay.

“So your file server or your Exchange server or whatever the case may be
may wind up running low on CPU or RAM, but it’s not as critical as your
phone system or your ACD or your IVR,” he says.

Element separation

Separation of contact-center elements on different servers also is
important, Conroy says. For instance, databases tapped by multiple
applications should be put on separate servers where they are unaffected
by CPU and memory demands of other applications to ensure their
availability.

In a typical deployment, Conroy will place a single, critical
contact-center application such as telephony on a physical host with other
applications that are less critical, “so if you need more capacity for
your telephony layer, you take away resources from your less important
virtual servers.”

Others take a more cautious approach. For instance, contact-center vendor
Aspect Software deploys only its own applications on virtual servers
within a given physical host, says Roger Sumner, senior vice president of
technology and architecture for the firm. No third-party business
applications are allowed, he says.

“Over time I think the technology will be there within virtual machines to
allow mixing applications, but we’ll be very guarded in that area because
we want to ensure that applications get delivered in an appropriate amount
of time,” he says.


[Figure: Call centers face virtualization challenges. The complexity of
call centers and the real-time nature of their applications require
special attention to ensure successful deployments. Proper hardware,
architecture and segmentation all help. Diagram labels: Host servers;
Agent desktop.]


Meanwhile, Aspect is gathering data about the effects that other
applications on the same physical host have on the real-time data center
applications. Virtual environments allow setting of parameters that help
ensure contact-center applications get the performance required from CPU,
memory and bandwidth, Sumner says. “But when you exceed those parameters
the behavior of our applications isn’t as predictable,” he says.

The goal is to set benchmarks that help customers design virtual
deployments that mix call-center and business applications on the same
hosts and allow for live migration without risking such disturbances.

“We want to show them those contact-center applications that mix well with
business applications,” Sumner says, so customers maximize use of server
resources and have flexibility about where applications can reside.

On the fly

Virtual environments can create VMs on the fly to address performance
dips, but this live migration can cause separate problems, Sumner says.
“There can be as much as a five-second disruption. If you’re switching
voice, that’s fairly significant for us to deal with,” he says. So again
he steers clear of live migration for time-sensitive applications.

In any case, live migration characteristics vary from vendor to vendor of
virtualization platforms, and businesses need to know about the
differences. “Be aware of what their live migration characteristics are
and design around them,” says Chris Wolf, an analyst with the Burton
Group. “That might result in more VMs that average a smaller load versus,
say, fewer VMs that run a higher concurrent load.”

Live  migration  can  result  in  proliferation  of 
VMs,  which  creates  more  challenges,  says 
Francois  Richard,  the  director  of  infrastructure 
engineering  at  Nuance  Software,  which  makes 
speech-recognition  software  used  in  contact 
centers.  Monitoring  should  be  segmented  so 
like  applications  can  be  viewed  at  once.  For 
example,  if  speech-recognition  software  is 
located  on  multiple  VMs  on  multiple  physical 
hosts,  monitoring  should  be  set  up  to  view  all 
those  instances  at  once,  he  says. 

Some contact-center delays can be pinned on the hardware used to support
the VMs rather than on the software, Wolf says. Converting VM demands for
CPU, memory or I/O capacity creates an overhead as these virtual demands
are translated into the use of physical resources. These translations take
time that can cause delays in applications that require frequent updates
to these page tables, Wolf says.

AMD  has  developed  chips  to  handle  these 
translations  more  quickly  in  hardware,  and 
Intel  is  close  behind,  he  says.  So  businesses 

See  Virtualization,  page  18 
Cisco revamps wireless lineup


BY  JOHN  COX 

Cisco last week unveiled an 802.11n wireless LAN access point designed to
simplify enterprise deployments, lower costs and improve performance for
existing 802.11g and 802.11a wireless clients. At the same time, Cisco
Capital launched new programs to help companies finance large-scale
802.11n deployments, including 25% trade-in credits to entice buyers to
swap out their existing WLAN gear.

The new Aironet 1140 access point uses the same mounting hardware as
Cisco’s existing Aironet 1250 802.11n products, but it has two important
additions. First, it can deliver full 802.11n performance, with data
encryption active, on an existing 802.3af Power-over-Ethernet (PoE)
infrastructure. Second, Cisco plans to introduce in April a feature based
on an optional part of the 802.11n draft standard called beamforming.

With beamforming, the 1140 access point can tailor its transmissions to
802.11a/g clients, creating a stronger signal and higher throughput. Cisco
is citing a Miercom test report that shows the beamforming feature, dubbed
ClientLink, created an average throughput boost of 65% for 802.11a/g
clients, and provided coverage in hard-to-reach areas that previously had
no signal at all.

Today, according to Cisco, 802.11n clients and access points use a
technique called explicit transmit beamforming to optimize the signal
between them: The signal sent from each antenna is coordinated with the
others, to improve the signal at the receiving end. This is possible
because the 802.11n receiver feeds signal information back to the
transmitter. Legacy 802.11a/g clients can’t participate in that feedback,
however.

Nevertheless, 802.11a/g clients do get some performance improvement on the
uplink to an 802.11n access point. That happens because the access point,
which typically has three antennas, uses an algorithm called maximal ratio
combining (MRC) to adjust the differing phases and amplitudes of the
signal it picks up on each antenna.

With ClientLink, Cisco uses MRC calculations to let the access point
target its transmission more effectively to the downstream 802.11g or
802.11a client, via modifications to the Cisco Wi-Fi chipset including new
algorithms and digital signal processing implemented in silicon. According
to Cisco, ClientLink “enables the access point to optimize the
[signal-to-noise ratio] exactly at the position where the client is
placed.”

The 1140 access point is available in two versions: a one-radio model for
$1,100 and a two-radio model for $1,300. It has a 2-by-3 antenna
configuration, for two spatial streams. The antennas are housed in a
casing (the 1250’s antennas were externally mounted and separately
priced). It has one Gigabit Ethernet port, and supports 802.11i, Wi-Fi
Protected Access and WPA 2, and 802.1X authentication.

Photo caption: Cisco’s new Aironet 1140 802.11n access point (left) has an
integrated antenna, whereas the Aironet 1250 (right) requires separately
purchased external antennas. New beamforming capabilities in the 1140 give
a boost to existing 802.11g and 802.11a clients.

Both radios’ 300Mbps maximum data rate requires bundling two 20MHz
channels into wider 40MHz channels, in keeping with the IEEE 802.11n draft
standard. Each radio supports 802.11a/b/g and 802.11n clients, and
operates in the 2.4GHz and 5GHz bands. The two-radio model can run both
transceivers in 802.11n mode simultaneously without compromising
performance, Cisco says.

Both versions of the 1140 can use existing 802.3af PoE infrastructures, a
huge gain for Cisco and its customers. As was the case with most of its
rivals, Cisco’s previous 802.11n access point needed additional power via
power injectors or other hardware to run at full 802.11n performance,
especially with two radios. For the 1140, engineers sifted through the
electronics design to boost efficiency and trim power use wherever
possible, says Chris Kozup, Cisco senior manager for mobility solutions.

Toyota Motor Sales of Torrance, Calif., has been testing the two-radio
1140 since last summer, and plans to deploy it companywide, eventually
replacing some 2,900 existing Cisco 802.11a/b/g devices in its corporate
headquarters, regional offices and warehouses.

Toyota has deployed a few 1250 802.11n models, but these need power
injectors for extra juice and are festooned with big, external wand
antennas, says Erik Parker, senior wireless infrastructure analyst with
the company’s wireless design and engineering department. The 1140 works
well with the existing Cisco PoE switches and Catalyst 6500 modules, he
says.

The improved signal strength with the new 1140 means that Toyota can
increase the radius of their WLAN cells (the area around each access
point) from 35 to 50 feet. “That’s pretty significant,” Parker says. ■


Nortel refreshes Gigabit switches

BY JIM DUFFY

Nortel last week extended its Gigabit Ethernet stackable-switch line with
a series that has integrated 10Gbps uplinks and a model that supports as
many as 96 Power-over-Ethernet ports for unified communications
deployments.

The Nortel Ethernet Routing Switch (ERS) 5600 line comprises five
switches: the 5632FD, 5650TD, 5650TD-PWR, 5698TFD and the 5698TFD-PWR.
Nortel claims they offer as much as 18 times the stacking performance,
twice the capacity and seven times the resiliency of competitors’
stackable switches.

The 5632FD targets data-aggregation applications. It is a Layer 3 routing
switch with 24 1000Base-X small form-factor pluggable (SFP) ports and
eight 10GBase-X 10 Gigabit small form-factor pluggable (XFP) ports, and
includes two built-in FAST stacking ports in a 1.5RU form factor
incorporating redundant power supplies.

The 5650TD can be deployed in a horizontal stacking configuration to
create a high-density data center system suitable for wiring-closet,
server-distribution and data-aggregation applications, Nortel says. It
provides 48 ports of 10/100/1000Base-T with auto-sense plus two XFP uplink
ports.

“In the data center, you can design differently and flatten the network,”
says Yankee Group analyst Zeus Kerravala. “It’s designed for virtual
environments. For [virtual machines] moving across the network, this
reduces latency.”

The 5650TD includes two built-in FAST stacking ports in a 1RU design
incorporating redundant power supplies.

The 5650TD-PWR has the same configuration as the 5650TD but also supports
IEEE 802.3af PoE for supporting IP telephony devices.

The 5698TFD provides 96 ports of 10/100/1000Base-T, six combination SFP
ports plus two XFP ports. The switch includes two built-in FAST stacking
ports in a 2RU design incorporating N+1 redundant power supplies.

The 5698TFD targets wiring-closet, server-distribution and
data-aggregation applications, Nortel says. Its sister, the 5698TFD-PWR,
has the same configuration but includes PoE support for IP telephony and
unified communications deployments.

The ERS 5600 line is available now. The price per unit ranges from $8,000
to $20,000. ■
Infoblox adds DNS services to Cisco routers

BY DENISE DUBIE

Infoblox and Cisco last week teamed to offer Infoblox’s DNS, DHCP and
other core network services via blades designed to slide into Cisco’s
integrated services routers.

The technology partnership will let customers put DNS, DHCP, IP address
management and other core network services on blades in Cisco routers
deployed at branch offices, eliminating the need for a separate server to
maintain those services. The product, developed under Cisco’s Application
extension Platform (AXP), lets customers push network services closer to
the edge and consolidate infrastructure in remote offices. Industry
watchers say the partnership reflects a trend among enterprise companies
to reduce infrastructure while maintaining services.

“Remember the Trapper Keeper? That’s what Cisco’s routers are becoming for
enterprise branch office: a single place to keep all critical network
applications and services,” says Phil Hochmuth, senior analyst at Yankee
Group. “This is being enabled largely by the AXP, which allows
organizations to cram as many services — even ones beyond Cisco’s own
scope, such as Infoblox IP address management — onto a single platform.”

According to Infoblox, enterprise companies can spend between $600 and
$1,500 managing a server per branch office per month. Removing the need
for a server at the branch to support core network services not only
reduces that cost, but also ensures the branch will continue to have DNS,
DHCP, NTP, FTP, HTTP, TFTP and syslog proxy capabilities at the remote
location — even if a connection to the data center is lost. Infoblox vNIOS
Virtual Appliance software installs on a blade in Cisco’s widely deployed
ISR router line — reportedly 4 million are installed today — which
Infoblox Vice President of Marketing Rick Kagan says will reinforce the
vendor’s message that DNS services can’t be ignored even in a difficult
economy.

“The benefits of having DNS at the branch include cost reductions, getting
rid of a server and no longer having to staff or pay to maintain one is
immediate ROI, but also customers will experience performance gains,” he
says. “The DNS server is among the more difficult to get out of the
branch, and this technology makes it possible.”

Infoblox  virtual  software  for  the  Cisco  ISRs  is 
priced  at  $995  on  the  Cisco-302  blade.  ■ 


Virtualization 

continued  from  page  15 

should  consider  these  chips  when  choosing 
hardware  on  which  to  run  contact-center  VMs. 

“In the past I’ve seen organizations blame latency issues on network or
storage I/O when in fact it’s directly related to physical memory
latency,” Wolf says. “Businesses have been really afraid of the latency
issues and of being able to do virtualization on a large scale, but with
this hardware I see more of them looking to go in that direction in 2009.”

High availability — redundancy that is critical to contact center
reliability — is another challenge in virtual environments, Wolf says.
“Your typical high-availability solution today is only able to detect
failure of the physical server and relocate the virtual machine as a
result of that,” he says. “In general it has very little insight into what
is happening inside the virtual machine.”

The virtual machine as black box

The virtual machine is treated as a black box, he says, which means an
application can hang up inside a VM without the high-availability software
knowing about it. “That virtual machine would continue to operate as if
nothing is going wrong,” he says.

Similarly, if server hardware fails, the virtual environment needs to
respond quickly to maintain calls, Wolf says. “What I mean by that is if
there is a partial failure on the physical host I don’t want complete
loss. I might have, say, a network card go down, which in a contact center
can be critical in terms of the amount of I/O I’m going to lose,” he says.

In that case it would be desirable to live migrate the VMs on the affected
host to a healthy machine. One solution called continuous availability
keeps a hot standby VM ready in the same state as the active VM.

“With that I’m able to run a single VM on multiple physical nodes
simultaneously and keep that virtual machine in lockstep so if I do have a
physical node failure, the VM continues to run, and I do not lose any
application state as a result,” he says, adding that Marathon Technologies
has such a product.

“That’s  the  type  of  intelligence  that  still  needs 
to  evolve,”  he  says. 

Beyond server virtualization, virtualizing the desktops of contact-center
agents can produce further benefits but requires care to avoid degraded
voice quality, says Robert Iglehart, senior vice president of IS at Thomas
L. Cardella (TLC) & Associates, a contact-center provider in Cedar Rapids,
Iowa. The firm uses Citrix desktops for the business applications used by
agents, but relies on Avaya hard phones for voice.

“There’s enough other things to worry about than to worry about what’s the
person hearing from me at the other end,” he says. “Am I cutting out? Is
there a big delay? Are we having a walkie-talkie effect? We just really
don’t have any tolerance for that, and that’s what’s keeping us from
virtualizing the voice.”

For contact-center applications that are not demanding of CPU, VMs are
ideal, Iglehart says, for all the same reasons virtual machines are used
in general — redundancy and moving VMs on the fly as capacity demands.

“It’s more reliable because you’re concentrating your applications in the
data center on better equipment. Storage is put on a [storage-area
network]. You don’t have desktops on agent stations getting beaten around
every day,” he says.

TLC supports specific business applications for each of its customers,
Iglehart says, and virtualizing the desktops reduces maintenance of these
applications. Each customer wants a unique set of scripts, reports and
order-entry systems, he says.

“We  end  up  supporting  a  lot  of  different 
applications  for  our  clients,  so  there’s  a  lot  of 
change  that  happens  a  lot  more  than  in  other 
industries,”  he  says. 

Changes  can  be  implemented  on  a  virtual 
desktop  to  see  whether  they  are  compatible, 
then  rolled  out  centrally  where  they  are 
accessed  by  the  remote  machines,  he  says. 

“Virtualization  makes  it  almost  a  nonissue  to 
add  more  seats  and  new  locations  because  all 
you  need  is  a  network  connection,”  he  says. 
“The  applications  are  already  where  you  need 
them.” 

The overriding factor in virtualizing contact centers is having thorough
knowledge, either in-house or via consultants, of virtualization
platforms, experts say.

“I wouldn’t suggest somebody trying to cut their teeth on virtualization
with their call-center deployment,” Wolf says. “If they don’t have the
expertise, they should get it. There’s more than one way to skin a cat in
virtualization, and if you start out wrong it’s going to cost you more in
the long run than it will if you get some help up front.” ■
Top 25 list of software errors

NSA,  intelligence  community  firmly  behind  software  security  effort 


BY  ELLEN  MESSMER 

Will the list of the Top 25 worst software errors released last week be
able to rescue customers from rotten software?

That’s the palpable hope from some security managers who have backed the
government and industry effort to identify the worst programming mistakes
that lead to patch-management headaches and even cybercrime and
cyberespionage.

With the Top 25 list — which sprang from an effort that began with the
Department of Homeland Security seeking to pinpoint which software
weaknesses lead to security breaches — there’s optimism that software
buyers will be able to use this common set of definitions to ask that
software vendors fix their mistakes without major legal or financial fuss.

This list of techie goof-ups starts with “improper input validation” and
ends with “client-side enforcement of server-side security.” Vendors may
simply ignore the list to brush off concerns and evade responsibility,
it’s pointed out. But some, including New York state, are expected to lead
the way in making the Top 25 a big topic of discussion during the
software-acquisition process.

“What keeps me up at night? Application vulnerabilities,” says Will
Pelgrin, CISO for New York state and director of the state’s office of
cybersecurity and critical infrastructure. Vulnerabilities laid out so
neatly in the Top 25 list are “increasingly the vector for attacks,” he
notes. He strongly supports the effort behind the list, which was pulled
together with industry and government input by Mitre Corp. in its Common
Weakness Enumeration (CWE) project.

The list was culled from about 700 fundamental software issues Mitre
identified over three years. The basic idea for the project is said to
have started with the U.S. government’s National Security Agency (NSA).

New York state not only is going to use the list for educational purposes
with its own software developers, but also is going to use the list as
application-security guidelines best practices for any application
developers it hires.

“It’s a concrete way to give application developers what needs to be
looked at being eliminated before an application goes into production,”
Pelgrin says.

The Top 25 list also is likely to make its way into some contractual
negotiations for application purchases elsewhere. That’s a move strongly
supported by Alan Paller, director of research at The SANS Institute,
which helped organize the Top 25 effort.

“This is language you really need to put into your contract,” Paller says,
adding that some software vendors are charging customers extra to fix
serious software errors the customers bring to their attention. For
example, Siemens had paid about 100,000 euros for a custom application it
discovered had “critical security flaws,” but the vendor refused to fix
them until it was paid an extra 145,000 euros, he says.

Previous efforts to identify software weaknesses — such as the SANS Top
Twenty list — have not been hugely successful in getting vendors to
develop less-buggy security, Paller acknowledges. The fact that the NSA
and other government entities have fostered the Top 25 list nevertheless
makes him optimistic that the list and its definitions could become a tool
to greatly improve the customer’s playing field with vendors.

The list is getting attention within the intelligence community, including
the NSA and the Office of the Director of National Intelligence (ODNI),
which is supposed to coordinate efforts across agency lines.

The list represents “a consensus of definition, the definition of the
problems, the taxonomy of what we’re talking about,” says Margie Gilbert,
deputy with the ODNI’s Comprehensive National Cyber Initiative.

The federal government will be encouraged to use the list as a “tool” for
obtaining software that’s free of the bugs that can be exploited and hence
present security threats, Gilbert says.

Whether or not the federal government makes reference to the Top 25
mandatory in software dealings may depend on the experience of places like
New York state that are leading the way in including it in contractual
arrangements, Gilbert adds.

The normally taciturn NSA took the somewhat unusual step of issuing a
statement on the software errors list. “The publication of a list of
programming errors that enable cyberespionage and cybercrime represents an
important turn in software security awareness from a system
administrator-centered view [detect/respond/patch] to a software
engineering-centered view [design/implement/verify],” says Konrad Vesey,
speaking for NSA’s Information Assurance Directorate. “When consumers see
that most vulnerabilities are caused by a mere 25 weaknesses, a new
standard for due diligence in product development is likely to emerge. The
vocabulary of software security is expanded from what the vendor tested
against to what the vendor built in,” he says.

“Weaknesses are the root cause behind all the things we keep patching,”
says Bob Martin, CWE project leader at Mitre, which spearheaded the
government project. He points out that the Top 25 is more than just a list
— it also includes a lot of information on how to prevent and mitigate
weaknesses, as well as a pattern of attacks.

“In 2010, there will be a Top 25 and maybe some new things on there we
don’t know about today,” Martin concludes. ■


Software  security 


The Top 25 programming errors

1. Improper input validation
2. Improper encoding or escaping of output
3. Failure to preserve SQL query structure (SQL injection)
4. Failure to preserve Web page structure (cross-site scripting)
5. Failure to preserve operating system command structure (OS command injection)
6. Cleartext transmission of sensitive information
7. Cross-site request forgery
8. Race condition
9. Error message information leak
10. Failure to constrain operations within the bounds of a memory buffer
11. External control of critical state data
12. External control of file name or path
13. Untrusted search path
14. Failure to control generation of code (code injection)
15. Code download without integrity check
16. Improper resource shutdown or release
17. Improper initialization
18. Incorrect calculation
19. Porous defenses
20. Use of a broken or risky cryptographic algorithm
21. Hard-coded password
22. Insecure permission assignment for critical resource
23. Use of insufficiently random values
24. Execution with unnecessary privileges
25. Client-side enforcement of server-side security


www.networkworld.com  •  JANUARY  19,  2009  •  19 


Who is Apple's stand-in CEO Cook?

Tim  Cook  will  be  filling  in  for  Steve  Jobs  until  June  at  least 


BY  JOHN  COX 

Who  is  Apple’s  low-profile 
COO  Tim  Cook  who  is  to  stand 
in  for  Steve  Jobs  while  Jobs 
takes  a  leave  of  absence  due  to 
his  health?  Fortune  did  a  profile 
of  Cook  last  fall,  when  rumors 
were  still  swirling  about  Jobs’ 
medical  problems,  in  light  of  his 
thinness  and  paleness. 

Cook  has  taken  over  the  CEO 
reins  from  Jobs  before:  for  two 
months  in  2004,  while  Jobs  was 
recovering  from  surgery  for 
pancreatic  cancer. 

Cook turned 48 in November and the Fortune article described him as a
“fitness nut” and “intensely private.”

He’s from Alabama and is a 1984 engineering graduate of Auburn
University.

Cook was hired by Apple a decade ago to deal with the mess of Apple’s
manufacturing and distribution operations and its supply chain. The
coolest products in the world are useless unless they meet quality
criteria, can be manufactured efficiently with strict cost controls,
and through an entire set of complex inter-relationships deliver the
product efficiently, on time, to everyone who wants one.

Fortune tracked some data that showed Cook has been very successful in
keeping inventory low and profit margins high, both highly desirable
trends.

The article mentions one meeting of his team to talk over a problem in
China. According to Fortune, Cook told the group, “This is really bad.
Someone should be in China driving this.” Thirty minutes later, he
glanced at Sabih Khan, a key operations executive, “and abruptly asked,
without a trace of emotion, ‘Why are you still here?’”

“Khan, who remains one of Cook’s top lieutenants to this day,
immediately stood up, drove to San Francisco International Airport,
and, without a change of clothes, booked a flight to China with no
return date, according to people familiar with the episode. The story
is vintage Cook: demanding and unemotional.”

Macintosh blogger John Gruber, at Daring Fireball, is impressed with
Cook’s analysis of the Macintosh market, and of Apple’s ongoing
strengths during last October’s announcement of new Macintosh products.

Gruber  wrote: 

“Cook then showed two pie charts. One showing the Mac’s unit share in
the U.S. retail market at 18 percent, up from ‘a single digit number,
just a few years ago’. Cook then drops the kicker, the single key point
you need to grasp to understand Apple’s Macintosh business: ‘And what’s
more impressive than this is if you look at revenue share. Because we
focus on fully featured systems, and we don’t compromise on quality,
our revenue share is over 31 percent. That means that one out of every
three dollars that’s spent on computers in U.S. retail is spent on the
Macintosh. What a difference a few years makes.’”

Apple COO Tim Cook previously stepped in for Steve Jobs during the
CEO’s pancreatic cancer surgery in 2004.


HP  extends  virtual  systems  mgmt 

Software automates data-center deployments and speeds recovery efforts


BY  DENISE  DUBIE 

HP  last  Thursday  introduced  an  expanded 
software  suite  designed  to  help  data-center 
managers  rapidly  and  accurately  deploy  new 
technologies  and  more  quickly  recover 
remote  servers  in  the  event  of  a  failure. 

HP’s Insight Orchestration and Insight Recovery are add-on software
applications for HP Insight Dynamics - VSE, the vendor’s physical and
virtual systems management product. Insight Orchestration uses visual
design tools that let systems administrators create multinode,
multitier templates for data-center infrastructure. With the templates
on hand, systems administrators can then use Insight Orchestration to
more quickly deploy new infrastructure with the needed storage and
network resources automatically associated with the physical or virtual
servers.

“Systems  administrators  can  create  a  catalog 
of  best  practice  templates  from  which  to 
choose  and  they  won’t  need  to  spend  the  time 
redefining  requirements  when  the  business 
demands  more  data  center  resources,”  says 
Mark  Linesch,  vice  president  of  HP  Insight 
Software. 

Insight Recovery is designed to reduce the “risk associated with
downtime,” he says. The software provides disaster-recovery
capabilities for systems administrators running blade systems with a
mix of physical and virtual servers. The product is designed for
customers with multiple locations or branch offices that might need to
restart applications remotely. The software works with VMware
hypervisors and allows for site-to-site replication, and connects to HP
StorageWorks Enterprise Virtual Array-based products running Continuous
Access data-replication software with HP ProLiant servers.

Both applications run on the same server systems that administrators
have deployed Insight Dynamics on, Linesch explains, and can be
purchased separately as optional software.

“These are practical tools that increase productivity and ultimately
save people money,” Linesch says. “IT organizations today need to be
looking to save every watt of energy, every hour of labor and every
dollar they spend so they can become more flexible and respond to
business needs.”

The  HP  Insight  Dynamics  -  VSE  suite  for 
ProLiant  is  licensed  on  a  per-server  basis. 
Server  prices  range  from  $1,195  to  $1,495. 
There  are  eight-  and  16-license  packages 
offered  with  built-in  discounts;  prices  range 
from  $7,960  to  $20,720  ($995  to  $1,295  per 
server). 

For Insight Recovery the U.S. list price per server is $995, or the
eight- and 16-license packages are priced at $945 per server (eight
licenses for $7,560 and 16 licenses for $15,120). For Insight
Orchestration, the U.S. list price per server is $795, or the eight-
and 16-license packages are priced at $695 per server (eight licenses
for $5,560 and 16 licenses for $11,120).

These offerings are available this month directly from HP or through
qualified channel partners.

Telecom predictions for the New Year


Last week we looked at how well the Eye of the Carrier predictions held
up for 2008. This week, let’s peer into the crystal ball for 2009.
You’ll notice a few similarities — and a couple of key changes — for
this year:

• Unified communications VoIP applications emerge. Companies that
rolled out VoIP in 2008 or before are beginning to take advantage of
the full power of IP-enabled communications. Look for applications such
as IP contact centers and presence-enabled messaging to go mainstream.
How will we know? Track players such as Aspect Software, which
specialize in IP contact centers. And look for new providers to emerge
(yes, even in this market).

• Carrier Ethernet takes center stage. For the first time in years,
there’s a real challenge to the dominance of Layer 3 MPLS in the WAN.
Enterprises are turning in unprecedented numbers to carrier Ethernet
services, driven primarily by ease of use and lower cost-per-Mbps.
About 87% of enterprises that have tried it say they expect to purchase
more in 2009. The only drawback so far is availability. How will we
tell if carrier Ethernet’s winning? Look for success by players such as
Masergy (one of the earliest deployers of carrier Ethernet), and check
for unexpected wins by Verizon (which promotes carrier Ethernet
aggressively) against AT&T (which offers carrier Ethernet but is still
milking its MPLS cash cow).

• Video keeps coming on strong. With travel restrictions in full force
at most companies through at least June, look for firms that have
invested in video and telepresence technologies to start using it — and
look for others to make the investment (economy permitting). How to
tell? Check out performance of the videoconferencing offerings of
players such as Cisco, HP, Nortel and Polycom — and services from
players such as AT&T, Masergy and others.

• Outsourcing continues apace. Yes, it was a trend in 2008 — but it
will continue through 2009 (and very likely, beyond). Whether services
like cloud computing, or more basic hosted and managed services for
anything from VoIP to data centers, various flavors of outsourcing
continue to remain strong. Check out bellwether Equinix to see how well
this prediction pans out.

• Virtualization drives WAN architecture changes. The past few years
have seen unprecedented deployment of server and desktop
virtualization, along with data center consolidation. The result is to
make computing services more heavily reliant on the WAN than ever —
driving investment in backbone and branch-office services. Look for new
gear in the branch (application optimization plus WAN acceleration) as
well as continued uptake of highly reliable, high-performance services
in the backbone. How to tell? Check out the financial performance of
WAN optimization gear-makers, and the enterprise data divisions of
carriers (both the big guys and emerging alternative players).

•  Wireless  deployment  continues.  I  don’t  foresee  as  sharp  an 
uptick  in  expenditures  as  we’ve  experienced  over  the  past  12 
months,  but  look  for  enterprises  to  continue  investing  in  wireless 
and  mobility  solutions,  and  the  business  case  for  these  products 
and  services  continues  to  become  more  compelling. 

Johnson  is  president  and  senior  founding  partner  at  Nemertes 
Research,  an  independent  technology  research  firm.  She  can  be  reached 
at  johna@nemertes.com. 


SAP  project  costs  cited  in  jeweler's  bankruptcy 


BY CHRIS KANARACUS, IDG NEWS SERVICE

A Colorado retail jewelry chain that filed for Chapter 11 bankruptcy
last week partly attributed its move to rampant cost overruns on an SAP
implementation, according to a court filing.

Shane Co. entered a contract with SAP in 2005 for a “highly
sophisticated ‘point of sale’ and inventory management system” at an
original projected cost of $8 million to $10 million and a one-year
project schedule, the document states. But costs ended up skyrocketing
to $36 million and the implementation stretched out to 32 months,
eventually going live in September 2007.

The company subsequently found that the system “did not yet provide
accurate inventory count numbers,” causing it to become “substantially
overstocked with inventory and with the wrong mix of inventory,” adding
to Shane Co.’s capital costs and affecting sales through year-end 2007
and the first nine months of 2008, the court document says.

The system “became stable and functional” toward the end of 2008, but
still does not deliver “the full functionality originally contracted
for,” the filing states. Eight independent contractors are now
attempting to remedy the problems.

But  a  “precipitous  decline  in  retail  sales, 
particularly  in  luxury  goods,”  due  to  the 
recession,  was  the  biggest  reason  for  the 
company’s  bankruptcy  filing,  not  the  SAP 
project,  according  to  the  document,  filed  in 
the  U.S.  Bankruptcy  Court  for  the  District  of 
Colorado. 

Sales  in  2007  were  $275  million,  but  the 
company  expected  2008  returns  to  be 
between  $207  million  and  $210  million. The 
company’s  bankruptcy  petition  listed  both 
its  assets  and  debts  as  being  between  $100 
million  and  $500  million. 

SAP  did  not  comment  on  the  story. 

Shane Co.’s news follows another recent public disclosure of trouble
with an SAP implementation. Late last year, bed-maker Select Comfort
said it was halting work on an SAP enterprise resource planning project
as part of a cost-cutting plan.

Select Comfort, maker of the Sleep Number bed, had for months been
under pressure by a shareholder, the Clinton Group, to spike the SAP
project.

In letters to Select Comfort’s board, the Clinton Group characterizes
the ERP implementation as significantly over budget and behind
schedule, and the company’s leadership as reckless. The Clinton Group
said Select Comfort spent $12 million on the implementation in 2007 and
“anticipates spending another $8 million in 2008, assuming no
additional costs. ... It is difficult for us to envision, given the
size of the company, that the company could ever achieve cost savings
to justify such a large expense.”


Ensuring obsolescence, declining economic competitiveness

One of the dumbest things the U.S. government has done in the
technology area over the last few decades is to assume that the United
States is the source of all scientific knowledge and high-tech
products.

This  assumption  has  been  best  exemplified 
by  the  thicket  of  controls  on  the  export  of 
high-tech  knowledge  and  products,  and  the 
restrictions  placed  on  non-U.S.  researchers  in 
U.S.  research  centers. 

In yet another recognition of the stupidity of these controls, a panel
of the National Research Council (NRC), a U.S. government-supported
research center, has published a pre-release version of a report
calling on the new administration to change the rules dramatically.

In summary, the NRC report says that the current “unilateral strategy
of containment and isolation of our adversaries is, under current
conditions, a self-destructive strategy for obsolescence and declining
economic competitiveness.” In addition, the strategy does not work.
Other than that, I guess things are fine.

NET INSIDER

Scott Bradner

U.S. government export controls on encryption technology historically
have been the poster child for what is wrong with the current approach.
For many years the government blocked the export of encryption
technology even when the exact (and in many cases better) encryption
technology was available on the open market in other parts of the
world. A few years ago, this situation was partially fixed, but the
underlying issue — the rule makers aren’t willing to understand the
real world — has persisted.

These are the report’s four findings: Current export controls weaken
U.S. innovation and competitiveness. These controls are fundamentally
broken and cannot be fixed by tweaking. The security and economic
prosperity of the United States depend on our being engaged fully in
the world around us. No system will eliminate all risks to U.S.
security — the current system may even give a false sense of security.

In addition, the report makes three recommendations: The new president
should restructure the export control system with an aim to balance
security and other interests, such as U.S. competitiveness. Controls
should be used only where they will be effective, and each restriction
must be fully justified and revisited annually — the default action
being to remove a restriction unless there is a very good reason to
keep it.

Also recommended is that restrictions be relaxed on non-U.S. citizens
studying and working in scientific research in the United States.

This report makes a lot of sense. It is pathetic to watch the
government tell U.S. companies they are not permitted to compete
against non-U.S. companies just because some device was put on a
control list a decade ago and no one since has had the understanding to
see that the technology is widely available in most of the rest of the
world.

Somehow, some of these bureaucrats seem to think that no one outside of
this country has any scientific knowledge. I hope the new
administration will pay attention to reports like this and bring the
United States back into the real world.

Disclaimer:  Harvard  tries  to  get  students  to  the  point  where  they 
can  figure  out  what  the  real  world  is  and  means,  but  I’ve  not  seen  a 
university  position  on  this  report.  So,  please  take  the  above  review 
and  opinion  as  mine. 


Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


Managing IT services proactively


TECH  UPDATE 

■  An  inside  look  at  technologies  and  standards 


BY  DAVID  HAYWARD 

There’s a growing desire among IT professionals to manage their diverse
technologies according to the services they deliver, and to have a
predictive view of those services and a cross-silo view of the
components they comprise. This desire is driven by the need to prevent
problems before they can affect the business, pinpoint problems’ root
cause quickly, put an end to finger-pointing among the IT teams
responsible for each silo, and speed mean time to repair.


New management tools can support a “service model,” a software
representation of all the IT elements required to deliver a service.
Besides visualization, the service model should have monitoring hooks
into actual elements, an understanding of the relationships among those
elements, policy-based thresholding for proactive warnings and alarms,
event correlation, root-cause analysis, and alarm (symptom)
suppression.

The definition of an IT service depends on personal preference. An IT
service could be CRM software, an online shopping cart, express-mail
tracking, insurance benefits selection or e-mail — essentially, what
users see or experience. In all cases, an IT service model comprises a
particular cross-silo collection of IT components: network devices,
physical and virtual systems, databases, and applications. Each
component’s health is monitored and its status is reflected in the IT
service model to show its current or projected effect on the service.

IT organizations are eyeing IT service-modeling because it enables them
to manage technologies in the context of business impact and to rank
corrective actions according to business priority. Because IT
service-modeling involves a grouping of IT components, it requires
sharing data across siloed management tools, teams and processes.

Integrated network and application management is essential. To show all
IT service dependencies, IT service-modeling integrates infrastructure
management for all silos (networks, systems and databases) with
application management. In real time, the model shows each IT service’s
current status, trends and root causes based on real-time measurement
of the user experience, a comparison of the time each business
transaction spends in each silo as it traverses the infrastructure, and
an analysis of the health of each infrastructure component and of the
application itself.

Measuring the user experience indicates compliance with service-level
agreements (SLA). End-to-end monitoring shows where (that is, in which
silo) a business transaction’s performance degrades or fails outright.
An analysis of each silo’s health reveals how the underlying
infrastructure may be affecting business transactions negatively. An
analysis of the application’s health can reveal, for example, how the
J2EE or .Net software environment itself may be affecting business
transactions negatively.

Infrastructure monitoring may show that although uptime and performance
are within accepted tolerances (operating-level agreements), some
applications could be violating SLAs because of poor software
configuration or constrained database server resources. Hardware server
utilization may be within prescribed limits, but certain applications
could be hogging server resources enough to force other applications to
exceed their prescribed response times. Infrastructure could be blamed
for poor performance, but the application software itself could be
poorly written.

Without holistic IT service-modeling, there’s no way to correlate all
factors. Moreover, all the components of an IT service could be within
accepted tolerances, but the service could be at risk because
performance is degrading and heading for a fiasco. IT service-modeling
that includes a proactive, predictive view is required.

Proactive performance management means correcting degradations before
they affect the user experience or automated business processes
noticeably. Instrumentation must be in place to monitor infrastructure
performance indicators, business transactions and SLA compliance;
policies must be in place to trigger early warnings of degradation
trends before they slow transactions or result in a service-crippling
outage.

Key performance indicators (KPI) for infrastructure — there are
hundreds to choose from — are measured in terms of time over threshold
and deviation from normal.

Time-over-threshold rules should be implemented in a way that warns of
negative KPI trends. That means indicating persistent conditions, not
every transient spike or drop. So, rather than sending an alarm every
time a switch port reaches 100% utilization and discards packets, the
threshold rules should trigger an alarm only if the port discards
packets for a cumulative period of, for example, 20 minutes within an
hour-long reporting window.

Deviation-from-normal rules combined with time-over-threshold rules
trigger early warnings when KPIs persistently deviate from a business
cycle’s historical behavior. Higher than normal traffic on a router
interface could indicate a runaway program taxing a remote server.
Higher than normal CPU utilization on a server or excessive database
check-pointing inform operators of an impending degradation.
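The two rule types described above, sketched in Python as an added example (not code from the article or from any vendor product). The one-sample-per-minute polling, the mean ± 3 sigma band, the hour-of-day baseline slot and all sample data are assumptions constructed for illustration.

```python
from collections import deque
from statistics import mean, pstdev


class TimeOverThreshold:
    """Fire only when a KPI is over its threshold for a cumulative number
    of samples inside a sliding reporting window (a persistent condition),
    not on every transient spike."""

    def __init__(self, threshold, window_samples, min_breach_samples):
        self.threshold = threshold
        self.min_breach = min_breach_samples
        # One True/False flag per sample; old samples fall out automatically.
        self.window = deque(maxlen=window_samples)

    def observe(self, value):
        self.window.append(value > self.threshold)
        return sum(self.window) >= self.min_breach


class Baseline:
    """Historical mean and spread of a KPI per slot of the business cycle.
    Assumption: slots are hours of the day, 'normal' is mean +/- k sigma."""

    def __init__(self, history, k=3.0):
        self.k = k
        self.stats = {slot: (mean(vals), pstdev(vals))
                      for slot, vals in history.items()}

    def deviates(self, slot, value):
        mu, sigma = self.stats[slot]
        # Floor sigma so a perfectly flat history does not flag tiny noise.
        return abs(value - mu) > self.k * max(sigma, 0.5)


class PersistentDeviation:
    """Deviation-from-normal combined with time-over-threshold: warn only
    when the KPI stays outside its baseline band long enough to be a trend."""

    def __init__(self, baseline, slot, window_samples, min_deviating_samples):
        self.baseline = baseline
        self.slot = slot
        # Reuse the persistence logic on a 0/1 "deviating" signal.
        self.persist = TimeOverThreshold(0, window_samples,
                                         min_deviating_samples)

    def observe(self, value):
        flag = int(self.baseline.deviates(self.slot, value))
        return self.persist.observe(flag)


def first_alarm(rule, samples):
    """Index of the first sample at which the rule fires, or None."""
    for i, value in enumerate(samples):
        if rule.observe(value):
            return i
    return None


# Constructed data: packets discarded per minute on one switch port.
DISCARDS_TRANSIENT = [0] * 10 + [120] * 5 + [0] * 45
DISCARDS_PERSISTENT = [0] * 5 + [80] * 10 + [0] * 15 + [80] * 15 + [0] * 15

# Constructed data: CPU % seen at 09:00 on earlier days, then two new runs.
CPU_HISTORY = {9: [40, 42, 38, 41, 39]}
CPU_DRIFT = [41] * 3 + [46] * 17          # well under any 80% hard limit
CPU_SPIKE = [41] * 7 + [90] + [41] * 7    # one bad minute

if __name__ == "__main__":
    # 20 cumulative minutes of discards within a 60-minute window.
    print("transient discards :",
          first_alarm(TimeOverThreshold(0, 60, 20), DISCARDS_TRANSIENT))
    print("persistent discards:",
          first_alarm(TimeOverThreshold(0, 60, 20), DISCARDS_PERSISTENT))
    base = Baseline(CPU_HISTORY)
    # 10 deviating minutes within a 15-minute window.
    print("cpu drift          :",
          first_alarm(PersistentDeviation(base, 9, 15, 10), CPU_DRIFT))
    print("cpu spike          :",
          first_alarm(PersistentDeviation(base, 9, 15, 10), CPU_SPIKE))
```

The CPU drift case stays far below a typical fixed utilization limit yet still raises the early warning, which is the situation the article describes where every component is within tolerance while the service is degrading.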

In the application environment, depletion of threads and pooled
objects, memory leaks, Java Database Connectivity driver-database
version mismatch, and bad coding can have significant effects on an IT
service. To manage this, baselining and heuristic trending must be
applied to enable predictive alarms.

By monitoring 100% of the business transactions that traverse a
network, IT gets a real understanding of the user experience and
transactions’ success (completion). Watching response trends to warn of
impending SLA violations helps IT be proactive.

When user response is above its prescribed 400-msec SLA, how does IT
most efficiently pinpoint the cause? Cross-silo IT service-modeling is
the best practice. First, it lets IT see the infrastructure components
and application elements that the service comprises. Second, it
provides predictability by letting IT see the performance trends of the
infrastructure and application elements that will affect the overall IT
service in the future. Third, it helps IT identify root causes by
correlating events that have affected service uptime or performance.

Network operations center personnel are in a good position to take
advantage of this holistic view. All business transactions flow back
and forth across the network — connecting users to application servers
and servers to back-end systems, databases and Web services. Learning
IT service-availability management best practices that combine service
modeling across all silos with proactive performance monitoring puts
them in the catbird seat.

Hayward is a senior principal product marketing manager with CA
(www.ca.com).

This vendor-written tech primer has been edited by Network World to
eliminate product promotion, but readers should note it will likely
favor the submitter's approach.


Finding  music  online  and  driving  IMAP 


GEARHEAD

Mark Gibbs

We will continue our foray into the netherworld of malware next week —
see this week’s Backspin for a report of where I’m at with fixing my
compromised machine.

In the meantime, here are a couple of cool Gearheady things that have
caught my eye.

First, there’s a neat Windows application for your downtime called
Radiotracker that finds music from about 70,000 artists divided into
over 80 genres on 20,000 Internet radio stations and saves songs as
individual MP3 files. You can specify what you’re looking for in detail
and the company, RapidSolution Software AG, claims the average time
required to fulfill a request is 25 seconds. Radiotracker also finds
and records podcasts, plays your music, burns CDs and a lot more.
RadioTracker Premium, which includes a ringtone editor, is way cool at
$27.

There are also Platinum and AudialsOne versions of Radiotracker, for
$40 and $60 respectively. The Web site isn’t completely clear on what
the former adds, but the latter makes it possible to download music
videos. I’ll give Radiotracker Premium a score of 4.5 out of 5.

Next, we have a collection of Perl scripts for working with IMAP
servers published by Rick Sanders. These scripts can copy messages and
mailboxes from one IMAP server to another, copy POP3 messages to an
IMAP server, perform a mass migration of messages from one IMAP server
to another for a set of users, move messages from one IMAP mailbox to
another based on a set of rules, query an IMAP server for a list of
features it supports, write IMAP messages to local files, ping an IMAP
server, synchronize two IMAP accounts, copy messages from an IMAP
server to Mbox format, copy messages from Mbox format to an IMAP
server, synchronize mbx and IMAP accounts, purge an IMAP mailbox, move
messages marked “deleted” to trash mailbox, copy Mozilla messages to an
IMAP server, and delete duplicate IMAP messages. Whew.

Even better, the scripts can use an SSL connection (they require
OpenSSL and the IO::Socket::SSL Perl module to do so).

These scripts are fantastically useful if you’ve moved your email services
over to Google’s Gmail like I have because it is free and has really
good spam filtering. The other allures of Gmail are that it has lots of
storage (7GB per user), supports POP3, supports SMTP, supports IMAP,
supports SSL, makes searching amazingly fast, and it’s free.

I have Gmail pick up messages via POP3 from my various domains
and I then handle my e-mail via the Gmail interface (which is a
world-class piece of Web engineering) or through Outlook on Windows or
Apple’s Mail under OS X or Thunderbird on either platform.

The beauty of this system is that if Gmail should become unavailable, I
can always access my e-mail through my domain Webmail service. Gmail
also gives me support for multiple clients on multiple OSes. And I can
route my outgoing mail via Gmail which means I have a searchable
record of everything I send, I get filtering and searching without having to
use my own processor cycles, and I can access the Gmail user interface
from anywhere in the world, including devices such as the T-Mobile G1.

So, if you implement a system like this you’ll want to move all of your
e-mail from, say Outlook, to Gmail. You can do this by connecting to
Gmail using IMAP and then simply dragging and dropping your local
Outlook content over to the appropriate Gmail folders.

While this works well enough it is very slow. Here’s where Sanders’
scripts are incredibly useful. You can upload entire mailboxes, download
and archive mailboxes, and so on. Problem solved. I’ll give Sanders’
IMAP scripts 4.8 out of 5.

Gibbs  is  on  message  in  Ventura,  Calif.  Want  an  invite  to  Gmail?  Drop  a 
note  to  gearhead@gibbs.com. 


COOLTOOLS

Four things to watch post-CES

As the dust settles from the 2009 Consumer Electronics Show, here are four
trends worth looking at based on some products that were announced at
the show.

1. Ooma and the future of home VoIP: The first generation of the Ooma
system had a bulky box and probably a higher learning curve than intended
for most customers. At CES, the company launched its next-generation
system, the Telo, which includes a cordless handset (using DECT 6.0
technology), the ability to add as many as six other handsets, and mobile
transfer (routing calls from the cell phone to the Telo, saving on cellular
minutes). The “free home phone” offering, for which users pay upfront,
with no monthly fees, may finally be appealing once users try out the Telo
handset and realize, “Oh, this thing is a phone system.” The Telo will be
available in the first half of the year. As we continue to see many homes
ditch their landlines in favor of their cell phones, Ooma seems to be a
nice way to keep a landline phone without having to pay for a monthly
landline voice service.

Ooma’s Telo could replace landlines.

2. HyperSpace and the boot-up conundrum: One of my favorite booth visits
was with Phoenix Technologies, which makes the HyperSpace “instant
on/off” software for Windows XP and Vista systems. The software acts like
a virtual operating system that launches quicker than the normal Windows
boot-up process. With the faster boot-up time, users also can connect to
wireless networks quicker, letting them check email or do some Web
browsing while Windows boots up in the background. At first, this may not
seem like a big deal, but the company also plans a development kit to
allow other applications to utilize the software, which means we could see
applications running on a user’s notebook without needing to run Windows
at all, such as listening to music or watching a DVD. On the opposite end,
having a quick shutdown process will also be a huge time-saver, especially
for mobile travelers who want to get their last bit of work done before the
airplane doors close. Stay tuned for a review of HyperSpace.

3. Smartphones are here to stay: I’m holding off final judgment of
whether Palm’s announcement of its Pre smartphone will “bring back”
the company or not until I get to touch the device and try it for an
extended period of time. It certainly seems to have a lot of the features that
users will want and like (touch interface, but also with a keyboard). As
2009 moves along, it will be interesting to see how Microsoft and its
partners respond with new Windows Mobile devices, and whether we’ll see
another Android-based phone in the United States.

4. Solving the energy crisis: We continue to see issues around trying to
keep our gadgets powered and running. At CES, I walked around the show
floor with two gadgets to try and keep my iPhone 3G powered through the
day. Fortunately, there were several devices and power improvements
announced at the show that aim to improve the battery life.
I really like the wireless “placemat” concept from companies like
Powermat and ConvenientPower. Placing a device on one of these
stands to recharge may eliminate the bundle of wires and power
adapters that make our traveling bags heavier on each trip.

Shaw  can  be  reached  at  kshaw@nww.com.  Be  sure  to  check  out  the 
multitude  of  CES  videos  online  at  www.networkworld.com. 

CLEAR CHOICE TEST: WLAN MANAGEMENT TOOLS


Formidable  tools  for  capturing  and 
analyzing  WLAN  traffic  abound 

WildPackets  and  CACE  Technologies  offer  best  bells  and  whistles 


BY  C.J.  MATHIAS,  NETWORK  WORLD  LAB  ALLIANCE 

The value of capturing and analyzing network traffic is well established.
After all, the generic “sniffer” has been a fixture of networking
since the days of “datascopes” on RS-232 connections. Wireless links
introduce a number of complicating elements to this process, however
— Wi-Fi protocols are unique at Layer 2, and traffic over the air isn’t
serialized, as is the case with wire. Simultaneous, competing traffic is
often the norm.

Packet-capture tools are no longer the first-line approach to
troubleshooting, and many Wi-Fi assurance suites include a variety of
capabilities that can resolve even vexing problems without resorting to
protocol analysis. Nevertheless, there are times when an analysis of raw,
real data is the only way to go, particularly when connection and
authentication challenges are being diagnosed.

Wi-Fi packet-capture and analysis products come in a number of
forms. Some vendors offer this capability as part of more elaborate
analysis tool sets, while others are quite ad-hoc, focusing only on
capture and analysis. In this Clear Choice Test, as part of our continuing
series of wireless-LAN (WLAN) management-tool reviews, we tested the
applicable packet-capture and analysis features of all the major Wi-Fi
assurance tools including those from AirMagnet, Aruba Networks (the
former Network Chemistry line), Motorola (the former AirDefense
product family) and WildPackets.

We also tested ad-hoc products from Cace Technologies and
TamoSoft. There are a number of other ad-hoc tools available, but
they were not suitable for this test for a variety of reasons. (See
related story, page 30.)

The good news is that four of the six products tested got perfect or
near-perfect scores in our evaluation, showing a particularly high level
of functions and maturity. Any of these would be suitable to resolve
even difficult Wi-Fi connectivity challenges.

So, it is difficult to reduce this testing to a single obvious winner
because the range of features across the products is so broad, to say
nothing of the range of prices. There’s a lot to be said in favor of a
large, omnibus assurance package, such as AirMagnet’s WiFi Analyzer
or WildPackets’ OmniPeek, both of which contain very robust and
useful packet-capture and analysis functionality — and a lot more.

If we had to pick one, however, it would be OmniPeek because it is
undeniably simple, powerful and convenient. WiFi Analyzer finishes
in a very close second. The choice really depends on the other
assurance features required and on one’s preference for a specific
approach to the user interface.

Of the more focused products, CACE’s AirPcap and TamoSoft’s
CommView for WiFi encompass an excellent combination of high
function, ease of use and convenience in simple, low-cost packages.
AirPcap gets the nod here, however, because of the hardware adapter
included and the availability of the optional but very powerful and
excellent Pilot reporting tool. Wireshark, which is the basis of AirPcap, is
a popular open source packet analyzer, so one could in theory
assemble a Wi-Fi packet-capture and analysis solution at no cost — other
than writing a little code and a bit of integration. CACE makes it so simple,
however, that one can easily justify the very modest cost of its bundle.

Note that we did not consider physical-layer spectral (radio
frequency) analysis tools, which we’ll explore in an upcoming test. Nor are
products designed for detailed 802.11 PHY- and media access control
(MAC)-layer analysis (such as those from Azimuth Systems and
VeriWave), which are of interest primarily to WLAN product designers
and in large-scale benchmarking tests.

All the products tested require a supported Wi-Fi adapter. Sometimes
one is included in the product’s package (a convenient and comforting
alternative), and sometimes the user must choose from a range of
supported commercial Wi-Fi hardware (which may or may not be in one’s
spare adapter box). This technical twist means WLAN administrators
must be cautious in selecting an analysis tool: Most products support a
very restrictive set of adapters, and some of these require custom
drivers; consequently they often limit the functions of the device on which
they are installed.

WildPackets  OmniPeek  Enterprise 

WildPackets’ OmniPeek Enterprise delivers Wi-Fi packet-capture and
analysis features as part of its full-featured network-assurance package.
It’s important to mention that OmniPeek is not specific to wireless — it’s
a full-function network-analysis tool for wired segments as well. We also
must note that there are less-expensive versions than the Enterprise
one we tested, so we're making claims only about this one.

NETRESULTS

Product: WiFi Analyzer
Vendor: AirMagnet (www.airmagnet.com)
Price: $3,500
Pros: Part of robust assurance tool; excellent set of features; very easy to use.
Cons: Overkill if packet capture and analysis are all that’s needed; installation is painful.
Score: 4.8

Product: AirPcap Ex, Wireshark and Pilot
Vendor: CACE Technologies (www.cacetech.com)
Price: $498 to $1,700
Pros: Very easy to use; broad set of functions; includes hardware; low price.
Cons: Pilot is optional.
Score: 5

Product: AirDefense Mobile
Vendor: Motorola (www.airdefense.net)
Price: $1,500
Pros: None
Cons: Very limited and inconvenient functions; requires file.
Score: 2.3

WildPackets’ OmniPeek, while it offers an entire suite of WLAN management tools,
received perfect scores across the board as a tool for capturing and analyzing
wireless traffic in an enterprise network.

Installation was easy — just enter the serial number provided with the
software license and select your adapter. Our internal WLAN adapter was
not supported by OmniPeek, so we used a Linksys WUSB600N dual-band
802.11n adapter with the required custom driver provided by WildPackets.
We did not use the OmniEngine component, a Windows service that is
designed for larger, distributed (including multi-site) monitoring and
capture applications.

Setting up a capture with OmniPeek lets the user specify detailed
parameters, including channel, triggers (conditions on which the product
is to start capturing), and filtering by frame type and/or protocol. The
interface is easy to use, although one needs to navigate among multiple
windows to view everything.

OmniPeek’s flexibility is first-rate. Names can be resolved via DNS, notes
can be added to selected packets, individual parameters associated with a
particular packet (such as source addresses and ports) can be selected or
hidden, and data can be decrypted if you have the key. Captures can be
saved in file formats including those supported by the open source
Wireshark network protocol analyzer. The product also enables a high
degree of customization, including extending analysis with custom
code (for specialized protocols). Complete filtering also is provided,
enabling a user to focus only on particular packets or protocols.

Overall, this product was by far the easiest to use. We had to turn
to the manual only to rate the documentation’s quality, which was
also excellent.

AirMagnet  WiFi  Analyzer 

AirMagnet has been a fixture in the Wi-Fi assurance space since the
company shipped its first Pocket-PC-based product almost a decade
ago. AirMagnet offers a comprehensive set of tools for almost every
WLAN venue, from handheld to enterprise class. For this test, we looked
only at the company’s WiFi Analyzer 8.0 (formerly Laptop Analyzer).

We used two setups of this product, one installed on our Dell notebook PC
and another pre-installed on an OQO Model 02 Micro PC. The PC
version’s features were identical to the Micro PC version, but the
convenience of the latter was undeniable — the OQO is a bit larger than a
typical PDA-form-factor handset, but is a full-function Windows XP
machine. This form factor is quite appropriate to Wi-Fi troubleshooting
and analysis activities, which can require a high degree of mobility.
Some might have a problem with eyestrain because of OQO’s smaller
screen, but this issue is partially remedied by the handy screen-magnifier
buttons on its keyboard.

Installing WiFi Analyzer is complex because of licensing issues, as is
often the case. There are a license number and a “serial key” to enter, but
don’t enter them on the device — instead, include this step as part of
the registration process on the AirMagnet support page. Also, as part of
the installation process, you have to make sure you have a wired
connection to your PC, because installation commandeers the wireless
adapter. And remember, the license binds to the MAC address of the
Ethernet adapter, not the wireless card. Got all that? This process is
much more difficult than it needs to be, and perhaps could be
addressed quite simply by including instructions in the package.


NETRESULTS (continued)

Product: RFprotect Mobile and Paglo Labs’ Packetyzer
Vendor: Aruba Networks (www.arubanetworks.com)
Price: $3,000
Pros: Supplies drivers for Packet Analyzer
Cons: Uses external, open-source analyzer; other suite features superfluous if only packet-capture and analysis are required.
Score: 3.6

Product: OmniPeek Enterprise
Vendor: WildPackets (www.wildpackets.com)
Price: $6,000
Pros: Part of robust assurance tool suite; outstanding breadth and depth of packet-capture and analysis features; very easy to use.
Cons: Overkill if packet-capture and analysis are all that's needed.
Score: 5

Product: CommView for WiFi
Vendor: TamoSoft (www.tamos.com)
Price: $499
Pros: Good range of functions; flexibility; low price.
Cons: Same price as AirPcap, but doesn't include hardware.
Score: 4.8
SCORECARD

Action                                                Features  Ease of use  Documentation  Installation  Total
Weighting                                             50%       30%          10%            10%
CACE Technologies' AirPcap Ex, Wireshark, Pilot       5.0       5.0          5.0            5.0           5.0
WildPackets' OmniPeek Enterprise                      5.0       5.0          5.0            5.0           5.0
AirMagnet’s WiFi Analyzer                             5.0       5.0          4.0            4.0           4.8
TamoSoft CommView for WiFi                            5.0       5.0          4.0            4.0           4.8
Aruba Networks’ RFprotect Mobile/Paglo Packetyzer     4.0       3.0          4.0            3.0           3.6
Motorola's AirDefense Mobile                          2.0       2.0          3.0            4.0           2.3

Scoring key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Subpar or not available.


Our notebook configuration was used with the internal Intel adapter
(and yes, we needed to know the model of the one installed) and
AirMagnet’s C1060 802.11a/b/g/n PC Card. The OQO’s built-in Atheros
Communications AR5006XS adapter was used for testing on that device.

WiFi Analyzer has a huge range of functions, including security- and
other vulnerability-monitoring, rogue detection, performance testing,
inference-based interference analysis, and a detailed knowledge base
called AirWISE. All this can make it a very good value for many
organizations, because a broad range of features beyond packet-capture and
analysis is desirable if not always required.

In terms of capture and analysis, however, the Decodes page is the
place to look. Every 802.11 frame passing over the WLAN is recorded
here, and it’s possible (and necessary in most cases) to filter by
channel, Service Set Identifier (SSID), access point, station and frame type.
Decoding of 802.11 frames (with the exception of decrypting secured
data) is performed when the capture is stopped (a little red button on
the page does this), and detailed down-to-the-bit information is
provided. Capture recording is included, although we had to dig a little to
figure out how to use it.

Other  analyzers  working 
in  the  wireless  realm 

We also looked at Ufasoft Snif 4.126, but found it supports
no contemporary wireless-LAN adapters. This was
surprising, because the program was last updated in
December 2008, but no documentation or even a help file is
available. E-mails to the support contact went unanswered.

AirGrab’s Network Packet Analyzer 0.8 for the Mac is a
general-purpose TCP/UDP capture tool that connects to the
Mac's wireless adapter. It’s free and not bad for basic IP
capture and analysis. Despite its name, however, it doesn’t
capture or analyze any Wi-Fi-specific information. There’s no
manual, but it’s pretty simple.

We also tried the free version of Kismet available on the
CACE Technologies Web site. This tool works with the
AirPcap adapter, but is very primitive (DOS-era); it would be
hard to recommend this one for corporate use.

Finally, we invited Network Instruments to submit its
interesting Observer product for review, but the company declined,
citing wireless as not being a core area of its product
capabilities. Still, a free evaluation is available.


Overall, the packet-capture and analysis capabilities of WiFi Analyzer
are very easy to use, requiring only occasional glimpses at the very
well-constructed user guide, provided as a well-indexed PDF file. It even
automatically reenabled our default 802.11 driver upon exit.

Aruba  Networks  RFprotect  Mobile 

Formerly part of the Network Chemistry product line acquired by
Aruba, RFprotect Mobile is an omnibus WLAN assurance suite with a
wide variety of functions. With respect to packet-capture and analysis,
however, the suite serves primarily as a source from which to get the
custom drivers required to turn a set of otherwise ordinary Wi-Fi cards
into sensors and (for our purposes here) packet-capture vehicles.

The Aruba suite then fires up Paglo Labs’ Packetyzer 5.0.0 analysis
tool, which, when enabled by the customized Aruba drivers, does a
serviceable job of capturing and analyzing 802.11 frames. Packetyzer was
developed originally by Network Chemistry, and the current release
dates back to 2006. Not otherwise capable of 802.11 packet-capture and
analysis, Packetyzer depends on RFprotect Mobile only as a source of
drivers — it might be a good tool on its own if Aruba should decide to
make the drivers available separately. Packetyzer is free, based on
Ethereal, and it’s also open source.

Packetyzer’s age shows a bit; it’s not very visually appealing, and the
help file is incomplete. But there are a lot of functions if one is willing
to explore, including statistical analysis of captured data and very
robust filtering capabilities. We wouldn’t mind using this tool regularly
if the drivers were available separately. But RFprotect Mobile is a very
useful assurance tool, so users of this application have access to a
decent packet-capture and analysis tool, albeit one that’s less
convenient and easy to use than WiFi Analyzer or OmniPeek.

Motorola  AirDefense  Mobile 

AirDefense, one of the leading Wi-Fi security firms, is now part of
Motorola. We tested its AirDefense Mobile 4.3 kit, which includes a
dual-band 802.11a/b/g adapter card and several high-gain antennas. It’s also
possible to use a fairly restrictive set of other adapters as well, the
restrictiveness again being due to the need for custom drivers provided by
Motorola. Installation was easy, although a reboot is required after the
installation. This product hasn’t been updated in a while, and it doesn’t
support 802.11n at this time.

As an omnibus assurance suite — especially considering its relatively
low price — AirDefense Mobile is still pretty competitive. With respect
to packet-capture and analysis, however, its features are weak. One must
globally enable a packet capture via an Options setting; then captured
data for all selected (scanned) channels is written out using a
proprietary file format. These files can be converted to the PCAP format,
which then can be read by Ethereal, Wireshark or tcpdump. This process
involves DOS commands, however, and is thus a less convenient
alternative to the other products. Overall, AirDefense Mobile’s packet-capture
and analysis services are difficult to use and not competitive with the
other products tested, marring an otherwise fine assurance tool.

CACE’s optional Pilot product is software that provides statistical
analysis and reporting on the Wi-Fi packets pulled off WLAN links.

CACE Technologies AirPcap Ex, Wireshark and Pilot

CACE is one of the most visible firms in network analysis, offering a
number of products for wired and wireless applications. AirPcap
consequently is one of the best-known tools for WLAN packet-capture and
analysis (see screenshot above). It’s based on the very popular, open
source Wireshark (formerly Ethereal) protocol analyzer. AirPcap adds
the wireless-specific parts, and includes a Wi-Fi receiver as part of the
package — no other adapter is required, so getting up and running is
quick and easy: install the driver (as is always good practice, don’t use
the included CD — download the latest version), insert the USB
adapter, install Wireshark — and that’s it.

A concise but helpful manual is included, along with MAN pages
(familiar to Unix users) for Wireshark (and there is lots of other
Wireshark information on the Web), but it would be fair to say that this
product is aimed at experienced professionals with a solid networking
background — just the sort of folks qualified to do any form of
packet-capture and analysis in the first place. Developer tools also are
included, making this product ideal for custom applications.

The company provided the USB-based AirPcap Ex version for review,
which supports 802.11a/b/g but not 802.11n. An 802.11n version is
available, however, only with a PC card adapter form factor. An external
antenna, which can increase sensitivity, also is in the box, but we didn’t need
it for our testing.

AirPcap is fully integrated into Wireshark and is simple to use. Just
start Wireshark, select the AirPcap adapter there and select your
channel; packets are grabbed and saved per your direction. A wireless
toolbar integrated into Wireshark eliminates the need to use the separate
AirPcap control panel interface. The format of the decode information
displayed in Wireshark is a bit primitive compared to WiFi Analyzer’s
and OmniPeek’s verbose expansions, but still very useful. We liked that
multiple AirPcap adapters can be aggregated to capture multiple
channels simultaneously (and completely, because it would be
impossible to scan channels with a single radio while recording all traffic) in
a single stream. It’s also possible to decrypt data if keys are provided.
Frame decoding is very complete and easy to use, although most
information is displayed only when the packet-capture is stopped and
individual frames are examined.


Serious users, however, also should look into CACE’s Pilot product, which
isn’t really a packet-analysis tool, although it easily integrates with
AirPcap for that purpose. Pilot instead is more of a specialized WLAN
assurance tool, which provides statistical analysis and reporting (such as
traffic by frame type), and displays a wide variety of analysis using a
ribbon (just like Microsoft Office 2007) and drag-and-drop interface that
lets the user drag particular “views,” or methods for analyzing
packet-captures, onto devices (radios that grab packets) and files (for
recording captures for subsequent analysis). This does take a little
experimentation, but within five minutes we were producing detailed charts
and graphs. While Pilot is sufficient for many traffic-capture and analysis
exercises, it’s also possible to send captured data (seamlessly) to
Wireshark for deep, low-level packet analysis. The combination of AirPcap,
Wireshark and Pilot provides a lot of power and convenience at a very
fair package price of $1,700.

Documentation is outstanding — there’s a very complete manual, pop-up
help, and an integrated library of brief videos showing how to use Pilot’s
many capabilities. This product combination is a very nice complement
even to those using a WLAN assurance package, given the broad range
of additional features included in Pilot.

TamoSoft CommView for WiFi

TamoSoft’s flagship product is CommView, and CommView for WiFi is
a special edition that provides the necessary drivers that enable a
variety of off-the-shelf Wi-Fi cards to be used for capture and analysis tasks.

The product is easy to install and configure (apart from the need
to find a suitable adapter), and a channel scan is performed at
start-up to find access points within range. The channel to capture then
is specified by the user, and a simple, tab-based interface can be
used to zero in on items of interest. Detailed information is
provided on tabs that include nodes (SSIDs with summary
information), channels and packet details.

The whole process is very intuitive and astonishingly easy to use.
We thus feel a little guilty for dinging TamoSoft for not having a
manual. There is excellent documentation on the Web, however, and
we wouldn’t mind using this product every day. It is, however, the
same price as CACE’s AirPcap, and CACE includes the required
hardware.

The  bottom  line 

All the products we reviewed can filter packets according to a set of
criteria, capture frames and assign sequence numbers, and save
captures to a file. Any of the tools that offer analysis would be suitable for
solving most problems; the differences lie in the bells and whistles
(many of which are useful) and ease of use, which is often a function
of one’s preferences for a particular user-interface strategy.
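
The capture, number, filter and count-by-frame-type workflow that the review describes across these tools, as an added example (not code from the article or from any reviewed product): a reader for classic PCAP files holding radiotap-encapsulated 802.11 frames, the format Wireshark and tcpdump read. The MAC addresses and the capture bytes are constructed for illustration.

```python
import struct
from collections import Counter

LINKTYPE_IEEE802_11_RADIOTAP = 127   # pcap link type: radiotap header, then 802.11
TYPES = {0: "mgmt", 1: "ctrl", 2: "data"}
SUBTYPES = {(0, 4): "probe-req", (0, 5): "probe-resp", (0, 8): "beacon",
            (0, 11): "auth", (0, 12): "deauth", (1, 13): "ack",
            (2, 0): "data", (2, 8): "qos-data"}


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def read_pcap(blob):
    """Return (linktype, [(seq, timestamp, packet), ...]) for a classic pcap image."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if end is None:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack_from(end + "I", blob, 20)[0]
    packets, off = [], 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(end + "IIII", blob, off)
        off += 16
        if off + incl_len > len(blob):
            break                                     # capture was cut off mid-record
        packets.append((len(packets) + 1, ts_sec + ts_usec / 1e6, blob[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def parse_dot11(packet):
    """Skip the radiotap header and decode the 802.11 MAC header; None if too short."""
    if len(packet) < 8:
        return None
    rt_len = struct.unpack_from("<H", packet, 2)[0]   # radiotap is always little-endian
    frame = packet[rt_len:]
    if rt_len < 8 or len(frame) < 10:                 # 10 bytes = shortest frame (ACK/CTS)
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    to_ds, from_ds = bool(frame[1] & 0x01), bool(frame[1] & 0x02)
    bssid = None
    if len(frame) >= 22 and ftype in (0, 2):
        a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
        if ftype == 0 or not (to_ds or from_ds):
            bssid = a3                                # management and ad-hoc data
        elif to_ds and not from_ds:
            bssid = a1                                # station -> AP
        elif from_ds and not to_ds:
            bssid = a2                                # AP -> station
    name = f"{TYPES.get(ftype, 'reserved')}/{SUBTYPES.get((ftype, subtype), subtype)}"
    return {"name": name, "bssid": mac(bssid) if bssid else None,
            "protected": bool(frame[1] & 0x40)}


def summarize(blob, bssid=None):
    """Count frames by type/subtype; with bssid set, keep only that access point's frames."""
    linktype, packets = read_pcap(blob)
    if linktype != LINKTYPE_IEEE802_11_RADIOTAP:
        raise ValueError(f"expected radiotap capture (127), got link type {linktype}")
    counts, malformed = Counter(), 0
    for _seq, _ts, packet in packets:
        info = parse_dot11(packet)
        if info is None:
            malformed += 1
        elif bssid is None or info["bssid"] == bssid.lower():
            counts[info["name"]] += 1
    return counts, malformed


# --- Constructed sample capture (addresses and frames are made up for illustration) ---
AP, OTHER_AP = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
STA, BCAST = bytes.fromhex("0200000000aa"), b"\xff" * 6


def hdr(fc0, fc1, a1, a2, a3):
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"


def record(ts, frame):
    packet = struct.pack("<BBHI", 0, 0, 8, 0) + frame    # empty 8-byte radiotap header
    return struct.pack("<IIII", ts, 0, len(packet), len(packet)) + packet


FRAMES = [
    hdr(0x80, 0x00, BCAST, AP, AP),                      # beacon from AP
    hdr(0x80, 0x00, BCAST, OTHER_AP, OTHER_AP),          # beacon from a neighbouring AP
    hdr(0x40, 0x00, BCAST, STA, BCAST),                  # probe request
    hdr(0x08, 0x41, AP, STA, BCAST) + b"\x00" * 16,      # protected data, station -> AP
    hdr(0x08, 0x42, STA, AP, AP) + b"\x00" * 16,         # protected data, AP -> station
    bytes([0xD4, 0x00]) + b"\x00\x00" + STA,             # ACK (receiver address only)
    b"\x80\x00\x00\x00",                                 # runt: truncated header
]
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127) + b"".join(
    record(1232000000 + i, f) for i, f in enumerate(FRAMES))
```

Calling summarize(SAMPLE_PCAP) tallies every decodable frame and reports the runt as malformed; passing a BSSID string narrows the tally to one access point, which drops ACKs because control frames carry no BSSID field.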

Mathias is a principal with Farpoint Group, an advisory firm specializing
in wireless networking and mobile communications. He is a consultant,
author, and analyst, and serves on the advisory boards of three industry
events. He is also a regular columnist for two publications, and his
Nearpoints blog resides at Network World. He can be reached at
craig@farpointgroup.com.

■  Mathias  also  is  a  member  of  the  Network  World  Lab  Alliance, 
a  cooperative  of  the  premier  testers  in  the  network  industry, 
each  bringing  to  bear  years  of  practical  experience  on  every  test. 
For  more  Lab  Alliance  information,  including  what  it  takes  to 
become  a  partner,  go  to  www.networkworld.com/alliance. 

restricting ISPs from blocking or slowing Internet traffic, so far with little success.

The major telcos, meanwhile, have uniformly opposed ’Net neutrality, arguing that such government intervention would take away ISPs’ incentives to upgrade their networks, thus stalling the widespread deployment of broadband Internet. To keep maintaining and improving network performance, ISPs need to have the power to use tiered networks to discriminate in how quickly they deliver Internet traffic, ’Net neutrality opponents say.

’Net neutrality advocates have been quick to praise Genachowski’s nomination, because they see him as someone who will be a reliable ally in their cause. “Expect Genachowski to turn his attention to bringing more choice to a broadband market controlled by a cartel of phone and cable companies,” writes Tim Karr, the campaign director for media advocacy group Free Press. “He’s also expected to pry open valuable spectrum to broadband innovation and access, something ... Martin said was a part of his own legacy at the agency.”

Genachowski has been one of Obama’s biggest influences in his decision to publicly endorse ’Net neutrality in the past, Karr says, adding that Genachowski has held tremendous sway in what he describes as Obama’s pro-’Net neutrality tech and media platform.

On the service provider side, however, there is considerably more caution with regard to ’Net neutrality. Matthew Polka, president of the independent service-provider industry group the American Cable Association, says although his group shares Obama’s vision of maintaining an open Internet, service providers need to be given some leeway in how they can manage their networks.

“Because our members operate in more rural areas, they have fewer customers per mile, and so their cost to deliver broadband to those subscribers is higher,” Polka says. “While customers in small markets and rural areas want the same amount of broadband in rural America as what they have in Times Square, there is cost in building out the infrastructure that our members have to manage and pay for. So, if your aim is to get broadband out there, you have to be sensitive to the companies that provide it.”

“One of the things I liked about Genachowski is that when he was working for the Obama campaign, he accurately articulated the biggest problem facing the United States, which is the underinvestment in technological research at the educational and university level.”

Johna Till Johnson, Nemertes Research analyst and Network World columnist

Obama indeed has made giving all American citizens access to broadband Internet a cornerstone of his economic stimulus package, although Nemertes’ Johnson says the mere concept of universal broadband poses some inherent dilemmas that have to be resolved. In the first place, unlike electricity- or water-delivery systems, Internet connectivity is a constantly evolving technology that requires carriers to make constant upgrades, she says. The danger in investing large sums of money in Internet services for rural and underserved communities is that by the time the broadband infrastructure is built, it could be outdated already.

If free markets really can’t provide rural communities with broadband access, then the government should simply issue a nationwide tax aimed at funding the necessary deployments and upgrades that a universal broadband program will require, Johnson says. Otherwise, the government could spend billions of dollars on a broadband network that will soon be left in the dust by the networks that are constantly being upgraded by private carriers, she says.

“If universal broadband is a real goal, then let’s put a line item in the budget saying that this is a tax we all have to pay,” Johnson says. “Basically we can say directly that it’s a tax so we can have people pay for it directly. Right now it’s treated as a kinda-sorta tax.”

Changing  the  tone 

Beyond the new FCC chairman’s stance on important issues, telecom industry observers hope that Genachowski will help to restore the FCC’s role as a leader in advancing smart American technology policy. Outgoing FCC chairman Martin has been criticized by many for what they have called a dysfunctional decision-making process at the FCC, and the U.S. House Committee on Energy and Commerce recently issued a report alleging that he instructed his staff to rewrite a previously issued report on “a la carte” cable offerings within weeks of becoming chairman in March 2005. The committee also alleged that he put significant pressure on his staff to come up with a different conclusion than that of the original report, and that he reassigned the project to other staff members when he didn’t get the conclusion he wanted.

“Genachowski’s biggest job is going to be the restoration of what has become a broken commission process,” Polka says, adding that the FCC under Martin lacked public openness and often acted in an opaque and secretive manner. “Genachowski will have to work well with other people who may or may not agree with him, and he will have to make constructive moves forward without politicizing the commission,” he says.

Johnson, meanwhile, hopes that Genachowski will import what she says is some much-needed technical knowledge to the FCC that will serve as a better guide to making decisions. “I have a fair amount of hope that Genachowski understands tech, although I admit that it’s only a hope because he doesn’t have an engineering background,” she says. “Even so, it should be better than the FCC has been than under Martin’s tenure, although it’s hard to be any worse.” ■

BACKSPIN

Giving in to malware

Mark Gibbs

In Gearhead last week you could read about my attempts to get rid of some malware that had taken up residence in one of my Windows XP systems.

Following the advice of some two dozen readers who recommended I try Malwarebytes’ Anti-Malware product, I was able to find and remove a Trojan, and things seemed good. Alas, it was all too good to be true.

Less than 24 hours after that column was submitted, my PC suddenly launched Firefox and displayed an advert. I have no idea what the ad was about. It featured a scantily clad Chinese lady and a lot of Chinese ideograms. I clicked on a link and got even more Chinese script.

Two minutes later another window was launched. More girls, more ideograms. Then another window opened apparently selling a computer game. Then more girls. This wasn’t porn, but what it was I have no idea. Altogether weird.

Prior to trying Anti-Malware I had noticed an instance of Internet Explorer was running but no browser window was open. After cleaning with Anti-Malware I suspended the IE instance and Firefox stopped opening windows. Ah-ha! Some process was getting launched in or with IE and was, in turn, requesting URLs be loaded. As my default browser is Firefox, that’s where the pages appeared. Why the removal of whatever it was that Anti-Malware got rid of should make whatever malware was left run better is a complete mystery.

I ran Anti-Malware again after the system was deemed clean and then again after rebooting. I also ran it after the popups appeared and ... nothing. According to Anti-Malware my system was as clean as a new pin, but my system was still compromised.

I couldn’t just give in and rebuild the PC, so I started asking around for ideas on a list I belong to. Almost everyone suggested I wipe the system and start again, or at the very least go back to a previous clean checkpoint (the latter assumes that the malware, which I can’t find, would be absent at a previous checkpoint, but how would I know?).

I could nuke and rebuild, but this was not what I wanted. The majority opinion was that Windows is so complex and malware so fiendishly clever that I had little chance of finding out what was going on.

One list member, Alan Wexelblat, wrote, “The problem, in a nutshell, is that you’ve been owned. PWNd. Taken to the cleaners. This PC no longer belongs to you, and the fact that it sits in your house is only coincidental. It might as well be sitting in a server room in Beijing.”

Another member said Windows is “full of undocumented and even deliberately obfuscated components” and legions of highly motivated “malguys” are guaranteed to find ways to compromise it. “There are just too many places to attack, and too many bits of legitimate software (often doing their own weird, undocumented, not-necessarily-safe things) to emulate.”

So let me sum up where we’re at: We have a world full of PCs running an operating system that can be compromised in relatively easy ways that are hard to detect, and there is no reliable way to unwind changes made by malware if we do find out we’ve been PWNd. It’s no wonder we have botnet armies out there that have millions of “recruits” each! And the obvious conclusion is that things are going to get a lot worse.

And when things do get a lot worse we’re going to see some major market changes that I plan to prognosticate upon next week. In the meantime let me know what changes you foresee.

Gibbs has crystal balls in Ventura, Calif. Your visions to backspin@gibbs.com.


Twitter  limits  searches  on  site  . . .  why? 


Two  Twitter  questions  have  been  nagging  at 
me:  Why  on  Earth  would  Twitter  limit  the 
number  of  searches  a  user  may  conduct 
—  a  typical,  relatively  new  user,  such  as  me,  not 
some  piggy  third-party  app  or  bot? 

And, why on Earth would one of the most talked-about properties on the Internet make it so darn difficult to get an answer to such a simple question?

Let’s start with the first question: On a recent Friday afternoon I was doing what Twitter insists it wants me to do, namely trying to find friends and acquaintances who are also Twitter users so that we can “follow” each other’s “tweets,” those tiny little messages that consume no more than 140 characters. Twitter provides a search box expressly for this purpose.

“Let’s see,” I would say to myself, “I wonder if my old pal Phil Intheblank is on Twitter?” I’d type “Intheblank” into the search box, hit enter, and more times than not turn up nothing. On a few tries I’d find Phil or Bob or Sally and add them to my “follow” list. I did this maybe 15 to 20 times (I wasn’t counting) over the course of maybe 15 to 20 minutes (I wasn’t keeping track) before getting this message in response to my last query: “Sorry, you’ve reached your limit on searches for now.”

Say  what?  It’s  Friday  afternoon,  news  is  slow,  I’m  trying  my  best  to 
become  a  good  Twitter  citizen  . . .  and  you’re  cutting  me  off  like  some 
drunk  who  just  fell  off  a  bar  stool? 

Pique and curiosity prompted me to take the next logical step for one seeking an answer to a question about Twitter while actually being on Twitter. I sent this tweet out to my vast (not so much) network of Twitter followers: “Twitter search just told me: ‘Sorry, you’ve reached your limit on searches for now ...’ (Here I used a naughty three-letter acronym for expressing incredulity.) No, seriously (repeat naughty acronym) a limit on searches?”

I received one reply from a longtime friend/journalist/Twitterer: “I don’t understand the search limit. Have you found any coverage of that?”

No was my answer, although I had just started looking. I scanned the Twitter FAQ and saw some passages relative to limits, but they were about sending messages and interacting with the Twitter API. As for limiting searches by an individual? If it’s in there, I couldn’t find it.

Two  colleagues  who  have  logged  more  Twitter  time  told  me  they  had 
never  encountered  or  heard  of  the  search  limit.  Others  have  had  the 
pleasure,  though,  and  they  were  asking  the  same  question:  Why? 

Twitter has another search box that promises you can “See what’s happening right now.” I entered “limit on searches” and that query turned up two full pages of Twitterers just as baffled as yours truly by this seemingly arbitrary roadblock. Here’s one example: “I’ve reached my limit on searches; (There’s that naughty three-letter acro again) I’m trying to add my social network; twitter FAIL.”

I feel their pain, so the hunt for an answer would continue. I don’t have any direct Twitter sources. The Twitter Web site offers no press contacts (insert three-letter acro), so I resorted to filling out a common user help request via their Web form. I quickly received an e-mail acknowledgement and tracking number.

That was Friday. By Tuesday that was all I had by way of a reply. There’s the telephone, I reminded myself finally. I called and got a message: “Hi, this is Twitter. The best way to reach us is by e-mail ...”

I  sent  an  e-mail,  which  as  of  this  writing  has  seen  no  reply.  A  post  on 
my  blog  produced  much  speculation  about  the  search  limit  (abuse 
prevention,  being  foremost)  —  and  even  praise  for  Twitter’s  tactic  — 
but  nothing  from  Twitter. 

Maybe  they’ll  send  me  a  tweet. 

E-mail  still  works.  That  address  is  buzz@nww.com. 